Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   VirTool:Win32/Obfuscator.ALA (https://www.trojaner-board.de/159334-virtool-win32-obfuscator-ala.html)

Marion1604 03.10.2014 08:39
VirTool:Win32/Obfuscator.ALA
 
Hallo zusammen,

ich benutze Windows 7, 64Bit Version. ich habe seit ein paar Tagen das Problem daß mir von Microsoft Essential das VirTool:Win32/Obfuscator.ALA angezeigt wird.

Habe als Virusprogramm Avira von Antivir drauf der auch ständig anschlägt.

Ich würd mich freuen wenn mir da jemand helfen könnte, da ich das Tool nicht herunter bekomme. Im voraus schonmal ganz lieben Dank.

liebe Grüße Marion

deeprybka 03.10.2014 09:03
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Bitte auch das Log der AVPs oder einen Screenshot vom Fund posten. Danke! ;)

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Marion1604 03.10.2014 09:37
FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 10:28:28
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtIWwhFAQyQPjQo26ZjGg0_IL7SsoEdVnszhM0z0jA1x-Q0eWH3AvQJQdIf8cb5Ej
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> B2FA8FDB53D82058832CD3523D0274BB180BF5229101F0FDD7365CE53DEE6259
CHR DefaultSearchKeyword: Default -> 7162C9DB67215AEE0DDB58BBFE379A6C6FB1A79C1469E22C4554908A01C92B2E
CHR DefaultSearchProvider: Default -> D594224EF2312459C9A3D9A1E87EC3F5E08CCA2BE423F21750AECD2B027FDBCE
CHR DefaultSearchURL: Default -> 29C29F070477747ECFE136C6F67570ABBC7394974956F9BEC1ED07DFFBBE09D4
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Boost) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MpKsl1bb4d93a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C31E152-4F0B-49E2-A76C-46EA1091BCDC}\MpKsl1bb4d93a.sys [45352 2014-10-03] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
R1 {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64; C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys [48784 2014-09-24] (StdLib)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 10:28 - 2014-10-03 10:29 - 00020450 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 10:28 - 2014-10-03 10:28 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 09:06 - 00000056 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 11:58 - 2014-09-27 11:56 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-27 11:56 - 2014-09-27 11:56 - 00002025 _____ () C:\Users\Marion\Desktop\Avira Free Antivirus starten.lnk
2014-09-27 11:56 - 2014-09-27 11:56 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Avira
2014-09-27 11:55 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 11:41 - 2014-09-27 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-09-25 10:49 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-25 10:49 - 2014-09-25 10:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:49 - 2014-09-25 10:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-25 10:49 - 2014-09-25 10:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-25 10:46 - 2014-09-24 14:18 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 10:41 - 2014-09-25 11:25 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 10:41 - 2014-09-25 10:51 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-09-25 10:41 - 2014-09-25 10:41 - 00002518 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:41 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 09:48 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 09:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-10-03 09:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-08 08:34 - 2014-09-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 10:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2014-02-15 19:35 - 01246462 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-03 09:14 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 09:14 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 09:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-04 08:40 - 2014-08-14 09:11 - 00000000 ____D () C:\ProgramData\374311380

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---




Additon.TXTFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 10:30:14
Running from C:\Users\Marion\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Disk Director 11 Advanced Bootable Media Builder (HKLM-x32\...\{8EF18153-2F5C-4511-9C05-2BF39F5A241A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced* Agent (HKLM-x32\...\{53B91797-7CC8-41AA-999E-C33DAEC63A1A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced*Management*Console (HKLM-x32\...\{AFDDB79D-3FB6-4E82-832C-728F73FAC327}) (Version: 11.0.12077 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX390 series Benutzerregistrierung (HKLM-x32\...\Canon MX390 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Gold von Kalifornien (HKLM-x32\...\Das Gold von Kalifornien) (Version: 1.0.0.0 - INTENIUM GmbH)
Das Tal der Träume 2 (HKLM-x32\...\Das Tal der Träume 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Delicious: Emily und die Wahre Liebe Sammleredition (HKLM-x32\...\Delicious: Emily und die Wahre Liebe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: 2.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer Sammleredition (HKLM-x32\...\Der Bau der Chinesischen Mauer Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Ruf der Zeit (HKLM-x32\...\Der Ruf der Zeit) (Version: 1.0.0.0 - INTENIUM GmbH)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.13 - INTENIUM GmbH)
Die 12 Heldentaten des Herkules 2: Der Kretische Stier (HKLM-x32\...\Die 12 Heldentaten des Herkules 2: Der Kretische Stier) (Version: 2.0.0.0 - INTENIUM GmbH)
Die Meister der Rätselrunde (HKLM-x32\...\Die Meister der Rätselrunde) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Welt der Puzzle: Jigsaw Boom (HKLM-x32\...\Die Welt der Puzzle: Jigsaw Boom) (Version: 1.0.0.0 - INTENIUM GmbH)
Dr.Wise: Wunder der Medizin (HKLM-x32\...\Dr.Wise: Wunder der Medizin) (Version: 2.0.0.0 - INTENIUM GmbH)
Efficient Sticky Notes 1.68 (HKLM-x32\...\Efficient Sticky Notes_is1) (Version:  - Efficient Software)
Farm to Fork Sammleredition (HKLM-x32\...\Farm to Fork Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Farm Tribe 2: Jetzt wird geackert! (HKLM-x32\...\Farm Tribe 2: Jetzt wird geackert!) (Version: 1.0.0.0 - INTENIUM GmbH)
Farmington Tales: Geschichten vom Land (HKLM-x32\...\Farmington Tales: Geschichten vom Land) (Version: 1.0.0.0 - INTENIUM GmbH)
Ferne Königreiche (HKLM-x32\...\Ferne Königreiche) (Version: 1.0.0.0 - INTENIUM GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Geschichten aus dem Orient: Die aufgehende Sonne (HKLM-x32\...\Geschichten aus dem Orient: Die aufgehende Sonne) (Version: 2.0.0.0 - INTENIUM GmbH)
Gizmos: Rätsel des Universums (HKLM-x32\...\Gizmos: Rätsel des Universums) (Version: 0.0.0.0 - INTENIUM GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hama Wireless LAN Adapter (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.01 - Hama)
Heart's Medicine: Ärztin mit Herz (HKLM-x32\...\Heart's Medicine: Ärztin mit Herz) (Version: 1.0.0.0 - INTENIUM GmbH)
Herr des Wetters: Auf der Spur des Schamanen (HKLM-x32\...\Herr des Wetters: Auf der Spur des Schamanen) (Version: 0.0.0.0 - INTENIUM GmbH)
Hometown Poker Hero Sammleredition (HKLM-x32\...\Hometown Poker Hero Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\Imperial Island: Ursprung eines Imperiums) (Version: 1.0.0.0 - INTENIUM GmbH)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 4 (HKLM-x32\...\Jewel Match 4) (Version: 2.0.0.0 - INTENIUM GmbH)
Jo´s großer Traum 2: Das Café-Festival (HKLM-x32\...\Jo´s großer Traum 2: Das Café-Festival) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Königliche Puzzle (HKLM-x32\...\Königliche Puzzle) (Version: 1.0.0.0 - INTENIUM GmbH)
Königliche Puzzle 2 (HKLM-x32\...\Königliche Puzzle 2) (Version: 2.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\Legends of Solitaire: Der Fluch des Drachen) (Version: 1.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\Legends of Solitaire: Die verlorenen Karten) (Version: 1.0.0.0 - INTENIUM GmbH)
Magic Heroes: Der verzauberte Park (HKLM-x32\...\Magic Heroes: Der verzauberte Park) (Version: 2.0.0.0 - INTENIUM GmbH)
Mein Gartenparadies 2: Das Feenland XXL (HKLM-x32\...\Mein Gartenparadies 2: Das Feenland XXL) (Version: 1.0.0.0 - INTENIUM GmbH)
Meine Boutique (HKLM-x32\...\Meine Boutique) (Version: 0.0.0.0 - INTENIUM GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Puzzle-Holiday: Valentinstag (HKLM-x32\...\Puzzle-Holiday: Valentinstag) (Version: 1.0.0.0 - INTENIUM GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Rätsel des Olymp: Olympus Griddlers (HKLM-x32\...\Rätsel des Olymp: Olympus Griddlers) (Version: 2.0.0.0 - INTENIUM GmbH)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Schlag den Raab (HKLM-x32\...\Schlag den Raab) (Version: 1.0.0.0 - INTENIUM GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Settlers of the West: Abenteuer im Wilden Westen (HKLM-x32\...\Settlers of the West: Abenteuer im Wilden Westen) (Version: 2.0.0.0 - INTENIUM GmbH)
Shangri La 2: Das Tal der Worte (HKLM-x32\...\Shangri La 2: Das Tal der Worte) (Version: 0.0.0.0 - INTENIUM GmbH)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Solitaire Mystery: Die vier Jahreszeiten (HKLM-x32\...\Solitaire Mystery: Die vier Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Sparkle Unleashed: Im Bann der Dunkelheit (HKLM-x32\...\Sparkle Unleashed: Im Bann der Dunkelheit) (Version: 0.0.0.0 - INTENIUM GmbH)
SpeedCommander 12 (HKLM-x32\...\SpeedCommander 12) (Version: 12 - SpeedProject)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Village Quest: Von Rittern und Rätseln (HKLM-x32\...\Village Quest: Von Rittern und Rätseln) (Version: 0.0.0.0 - INTENIUM GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Salon (HKLM-x32\...\Wedding Salon) (Version: 1.0.0.0 - INTENIUM GmbH)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-10-2014 10:35:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4F3F3696-E97A-4509-A93A-7B77B31CC4A9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3133097954-3543690179-3637798621-1000
Task: {720E00B8-68C2-4B74-BB52-B29260BC4A1E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {856D90DA-5E17-4652-B8BF-2DE52CD2FAAD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {85F3EB34-4F79-4AD8-BFB5-B1650AD0535E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {92E718FB-2B6C-4484-93B2-5EC8A3818F2F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9B89519F-772F-4B50-8567-C4783B24DF07} - System32\Tasks\Opera scheduled Autoupdate 1392487835 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {9EF41853-296D-4259-BE2D-B1E1D2D433AF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2B59F6E-6008-469D-A0DD-A647FDED97EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {CC56AB9F-76DC-453C-B07A-1852AEEA3C8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: {ED274A92-FBB5-4550-94F9-944BF65BB4DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F815ED6C-3E59-4F6B-A912-252646955D08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-15 23:14 - 2008-06-20 01:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2014-09-27 09:13 - 2014-09-27 09:12 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-25 12:07 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\Marion\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-07 21:43 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-11-30 19:42 - 2010-11-30 19:42 - 00213208 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\events_trace.dll
2010-11-30 18:11 - 2010-11-30 18:11 - 00283256 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\fnls.dll
2010-11-30 18:12 - 2010-11-30 18:12 - 00424576 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\FileTrace.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-27 09:12 - 2014-09-27 09:12 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll
2014-09-10 13:25 - 2014-09-10 21:46 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Acronis Agent User (S-1-5-21-3133097954-3543690179-3637798621-1002 - Limited - Enabled) => C:\Users\Acronis Agent User
Administrator (S-1-5-21-3133097954-3543690179-3637798621-500 - Administrator - Disabled)
Gast (S-1-5-21-3133097954-3543690179-3637798621-501 - Limited - Disabled)
Marion (S-1-5-21-3133097954-3543690179-3637798621-1000 - Administrator - Enabled) => C:\Users\Marion

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 09:07:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:39:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 11.0.9.29, Zeitstempel: 0x5412b4b3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000212b3
ID des fehlerhaften Prozesses: 0x2a70
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (10/02/2014 01:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 11.0.9.29, Zeitstempel: 0x5412b4b3
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000212b3
ID des fehlerhaften Prozesses: 0x29cc
Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0
Pfad der fehlerhaften Anwendung: AcroRd32.exe1
Pfad des fehlerhaften Moduls: AcroRd32.exe2
Berichtskennung: AcroRd32.exe3

Error: (10/02/2014 09:35:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 09:04:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 09:33:04 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (10/01/2014 09:33:04 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{80682bb8-9666-11e3-a33a-806e6f6e6963} - 0000000000000068,0x0053c010,0000000000469D00,0,0000000000468CF0,4096,[0]).


Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (10/01/2014 09:26:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 08:59:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DW20.EXE, Version: 14.0.7011.1000, Zeitstempel: 0x5136f959
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00180218
ID des fehlerhaften Prozesses: 0x3d80
Startzeit der fehlerhaften Anwendung: 0xDW20.EXE0
Pfad der fehlerhaften Anwendung: DW20.EXE1
Pfad des fehlerhaften Moduls: DW20.EXE2
Berichtskennung: DW20.EXE3


System errors:
=============
Error: (10/03/2014 10:28:43 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 10:27:32 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 10:25:23 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 10:25:23 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 10:25:23 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{62E2272D-8C50-4A19-A942-6EA421F41204} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (10/03/2014 09:45:24 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 09:42:21 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 09:24:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 09:24:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 09:24:06 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{62E2272D-8C50-4A19-A942-6EA421F41204} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (10/03/2014 09:07:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:39:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 01:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe11.0.9.295412b4b3KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b32a7001cfde34ef67ec20C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeC:\Windows\syswow64\KERNELBASE.dll2d647c95-4a28-11e4-b59b-e03f491a4f5a

Error: (10/02/2014 01:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcroRd32.exe11.0.9.295412b4b3KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b329cc01cfde34e5e2f451C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exeC:\Windows\syswow64\KERNELBASE.dll23e06f29-4a28-11e4-b59b-e03f491a4f5a

Error: (10/02/2014 09:35:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 09:04:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 09:33:04 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (10/01/2014 09:33:04 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{80682bb8-9666-11e3-a33a-806e6f6e6963} - 0000000000000068,0x0053c010,0000000000469D00,0,0000000000468CF0,4096,[0])

Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (10/01/2014 09:26:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 08:59:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DW20.EXE14.0.7011.10005136f959unknown0.0.0.000000000c0000005001802183d8001cfdda9bcc8f113C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXEunknown01b4f7b7-499d-11e4-ae2b-e03f491a4f5a


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 7367.42 MB
Available physical RAM: 4813.64 MB
Total Pagefile: 14733.02 MB
Available Pagefile: 11512.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.39 GB) (Free:52.75 GB) NTFS
Drive d: (Reparaturdatenträger Windows 7 6) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
Drive f: (Programme) (Fixed) (Total:359.59 GB) (Free:348.86 GB) NTFS
Drive g: (Musik) (Fixed) (Total:359.62 GB) (Free:297.05 GB) NTFS
Drive h: (HDDRIVE2GO) (Fixed) (Total:931.51 GB) (Free:160.09 GB) NTFS
Drive i: (Datensicherung) (Fixed) (Total:100.53 GB) (Free:63.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6EA1E8E1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: D4D4D464)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

deeprybka 03.10.2014 11:37
Hi,

Code:
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

Info

Mehrere Antivirusprogramme:
Ich habe in den Logs festgestellt, dass auf diesem Rechner mehr als ein Antivirusprogramm mit Echtzeitschutz installiert ist.
Das erzeugt antagonistische Effekte und vermindert dadurch die Schutzleistung.
Die Sicherheit wird damit nicht erhöht. Bitte deinstalliere einen der beiden Scanner.


Bitte poste mir vorher auch noch ein Log mit der Fundmeldung oder ein Screenshot davon.

Marion1604 03.10.2014 12:19
Kannst du mir bitte mal sagen wie ich hier einen Screenshot posten kann :)?

http://www.directupload.net/file/d/3...644oxr_gif.htm

deeprybka 03.10.2014 12:19
Hi,
mit dem SnippingTool von Windows ein Bild machen und anhängen.

http://www.trojaner-board.de/attachm...eroklammer.png

Marion1604 03.10.2014 12:19
Scan von Microsoft Essential

hxxp://www.directupload.net/file/d/3764/uj644oxr_gif.htm


Habe Microsoft Essential deinstalliert

deeprybka 03.10.2014 12:39
OK... :)

Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Marion1604 03.10.2014 13:06
Den Adw-Cleaner hab ich durchsuchen und löschen lassen. Danach ist der Rechner neu gestartet, das problem ist nur daß sich nach dem Neustart keine Text-Datei geöffnet hat

deeprybka 03.10.2014 13:07
Code:
C:\AdwCleaner\AdwCleaner[Sx].txt
Hier mal schauen... ;)

Marion1604 03.10.2014 13:14
Das habe ich schon versucht, nur finde ich die angegebene Datei nicht

deeprybka 03.10.2014 13:20
Weiter mit Schritt 2... ;)

Marion1604 03.10.2014 13:37
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 03.10.2014
Suchlauf-Zeit: 14:15:09
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.03.03
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marion

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342403
Verstrichene Zeit: 11 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service\ttsvc.exe, 2368, Löschen bei Neustart, [dfa67d7296e5c96d26f88789e81bce32]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 48
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}\INPROCSERVER32, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [3055f7f8e3984cea5e68b61741c1de22],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, In Quarantäne, [98eda04f5a212f073de5ddf4ab57f20e],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [fa8bd6197209d066fd22d100c1417090],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Löschen bei Neustart, [fa8bd6197209d066fd22d100c1417090],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [fa8bd6197209d066fd22d100c1417090],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [b6cfe40b9fdca88ec923e3eae919857b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [384dca25077487af509db01d679be51b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [483de807e09bfa3cbffca9ef3dc52cd4],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, In Quarantäne, [a0e528c77b00d0664745e8ccf50ca45c],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TermTutor, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ttsvc, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ttnfd, In Quarantäne, [374e42adc9b249eda77ad33d6f9417e9],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64, In Quarantäne, [9fe6a748cdae3ff701b9799f52b12bd5],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINS000.EXE, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINS000.EXE, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean-Pro_is1, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [760f737cc8b372c4d781e45f27dc7090],
PUP.Optional.SnipSmart.A, HKLM\SOFTWARE\WOW6432NODE\snipsmart, In Quarantäne, [ed9816d9c5b6ae882b54e9274eb5867a],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [b1d411dee09bb4829730d0a87e862bd5],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced-System Protector, In Quarantäne, [6e17ad425c1f75c1d084d33f808327d9],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [7411ec03dc9f2b0bbf0e3ede5fa41fe1],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [c0c5628d3c3f7eb83aeba27b0ef5e818],
PUP.Optional.SnipSmart.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\snipsmart, Löschen bei Neustart, [f095f4fbe3987fb70d732de36c973dc3],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SupHpUISoft, Löschen bei Neustart, [7d0849a68af1340250160e0650b3cb35],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DISTROMATIC\Toolbars, Löschen bei Neustart, [3c49c728cead50e61128aab5e91b2cd4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [91f4f6f9e398cf67bba970d2e91a2ed2],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [bacb04ebd5a68caa912f094fba4a32ce],
PUP.Optional.Qone8, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [1174826df48796a066f2e3814db71ee2],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SMARTBAR, Löschen bei Neustart, [374ec32c4437aa8c2014b8c2a85cd22e],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [51345a9577042f07f6a9d1605ca7af51],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SYSTWEAK\Advanced-System Protector, Löschen bei Neustart, [7b0aa54a522942f45104f022ec1707f9],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SYSTWEAK\RegClean Pro, Löschen bei Neustart, [196c07e890ebb482a8bb68f661a30bf5],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SYSTWEAK\ssd, Löschen bei Neustart, [a5e0935c057667cf2103a57834cf26da],

Registrierungswerte: 7
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [e89df9f6512a1125391539d810f3a15f]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [a3e24ca3c8b30f27b79747caec176a96]
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, In Quarantäne, [d4b159965c1fe650f72ba16f53b0f20e]
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTSVC|ImagePath, "C:\Program Files (x86)\TermTutor\Service\ttsvc.exe", In Quarantäne, [abda608fb6c548ee88971ff1da2956aa]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, Löschen bei Neustart, [bacb04ebd5a68caa912f094fba4a32ce]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Löschen bei Neustart, [374ec32c4437aa8c2014b8c2a85cd22e]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [7114c62985f6cb6b49bc9f7cae5534cc]

Registrierungsdaten: 18
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe sweet-page, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe sweet-page,[c8bd628dabd0280e71f4ee24a36257a9]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4f366c835427bf77c43c40d228dd28d8]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe sweet-page, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe sweet-page,[394c3cb3f784241267fe1bf78580916f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e79e935cc0bb2214ab5555bd18ed956b]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Ersetzt,[8500d31c4b305ed836dafe0a8f76ea16]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}),Löschen bei Neustart,[4d38fcf39ae1b77fb9b9c34e2fd632ce]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, sweet-page, Gut: (Google), Schlecht: (sweet-page bei Neustart,[0382eb043249b97d74ef9f73759022de]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, sweet-page, Gut: (Google), Schlecht: (sweet-page bei Neustart,[1273ec03bcbf181eee74e52dca3ba858]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}),Löschen bei Neustart,[7015856a6318ce6889e8a36ef0157090]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}),Löschen bei Neustart,[3550da15502b93a3e58fa26f729351af]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}),Löschen bei Neustart,[7c0930bf3e3d979f91e4a071986d46ba]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8E&q={searchTerms}),Löschen bei Neustart,[c2c34ba4166563d3c24ffb0d01045ea2]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Search, Gut: (Google), Schlecht: (Search bei Neustart,[c0c5707fb8c34de9294aaf62c63f22de]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Löschen bei Neustart,[1f66cb2432496dc9b7ba5db4fd08f20e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Löschen bei Neustart,[b1d45b942457af87ed8526ebd23347b9]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Löschen bei Neustart,[1f662ac5f3888ea81a5ada3726df39c7]
PUP.Optional.Snapdo, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Löschen bei Neustart,[64213db2710a89add3a278990ef77c84]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3133097954-3543690179-3637798621-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMARHotF8wUN9R0pSfDkxYBWbZcpKyBApVw66E0Q3PMXqFzbCsF1GTh29itQutrYWtInEi3pLzRXC9Fd5B3XMdscL-Q1q1CG2Nls4zTLtlhNIwuSF6kmrs9zaRUtZIv8D&q={searchTerms}),Löschen bei Neustart,[c3c233bc3a413ef8fa173cccee1718e8]

Ordner: 26
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor, Löschen bei Neustart, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\IE, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service, Löschen bei Neustart, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, In Quarantäne, [7f066b841e5d0a2c552a2efc3ac9fc04],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [dfa60be4e19af0469fdadcf5659df60a],
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [e0a5d11e86f595a1cb43548d47bb37c9],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [d6af5996a3d883b307208e6b976b7c84],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [d6af5996a3d883b307208e6b976b7c84],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, In Quarantäne, [6e175d924e2dc274e1ab9f656b98ac54],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, In Quarantäne, [6e175d924e2dc274e1ab9f656b98ac54],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Marion\AppData\Roaming\Systweak\Advanced-System Protector, In Quarantäne, [fd88c629d0abcb6bf29abb4906fdf709],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Marion\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.13727, In Quarantäne, [fd88c629d0abcb6bf29abb4906fdf709],

Dateien: 188
PUP.Optional.TermTutor.A, C:\Windows\System32\drivers\ttnfd.sys, Löschen bei Neustart, [4501e093b242532c5b677dc52614d6eb],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys, Löschen bei Neustart, [f3f99a5881b34d8f15235dead22528c6],
PUP.Optional.TermTutor.A, C:\Program Files\TermTutor\IE\TermTutorClientIE.dll, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll, In Quarantäne, [8104905f7209a1959560533f47bbba46],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, In Quarantäne, [a0e528c77b00d0664745e8ccf50ca45c],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, In Quarantäne, [2c5914db463547efd5a1a10eb54cdb25],
PUP.Optional.InstalLCore, C:\Users\Marion\AppData\Local\Temp\is1242154493\16755580_stp.EXE, In Quarantäne, [aadb6986f586a78fbdcb4ba9d62ec937],
PUP.Optional.InstalLCore, C:\Users\Marion\AppData\Local\Temp\is1242154493\423211_stp.EXE, In Quarantäne, [e1a415da631872c40b7d2dc7d92bd030],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\terms-of-service.rtf, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Uninstall.exe, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\buildcrx-license.txt, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\Info-ZIP-license.txt, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\nsJSON-license.txt, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\3rd Party Licenses\UAC-license.txt, In Quarantäne, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.TermTutor.A, C:\Program Files (x86)\TermTutor\Service\ttsvc.exe, Löschen bei Neustart, [dfa67d7296e5c96d26f88789e81bce32],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced-System Protector_startup, In Quarantäne, [0283b6393645c17576509a781ce72ed2],
PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced-System Protector.lnk, In Quarantäne, [1e67cc2389f2c076064af61df70cfe02],
PUP.Optional.RegCleanerPro, C:\Users\Public\Desktop\RegClean Pro.lnk, In Quarantäne, [5431fcf31a6145f13939d73e0af94bb5],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, In Quarantäne, [582d7877b8c3a78fcba9b85d4ab958a8],
PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, In Quarantäne, [0d78d916bfbc74c2b209bb64b152ca36],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [7f066b841e5d0a2c552a2efc3ac9fc04],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [7f066b841e5d0a2c552a2efc3ac9fc04],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [7f066b841e5d0a2c552a2efc3ac9fc04],
PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, In Quarantäne, [2d58905f6e0de94dc0f7fd475da660a0],
PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, In Quarantäne, [e4a16b842f4ceb4b8ad6fe5923e1f20e],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe.config, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\norwegian_asp_NO.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AppResource.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\asp.ico, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AspManager.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\aspsys.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\ASPUninstall.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\categories.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_asp_ZH-CN.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\danish_asp_DA.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Danish_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\dutch_asp_NL.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Dutch_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_asp_en.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\filetypehelper.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_asp_FI.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_uninst_fi.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\french_asp_FR.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\French_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\german_asp_DE.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\German_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Norwegian_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\polish_uninst_pl.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portugese_uninst_pt.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portuguese_asp_PT-BR.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Portuguese_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_asp_ru.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_uninst_ru.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\scandll.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_asp_ES.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_asp_SV.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\greek_uninst_el.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Interop.IWshRuntimeLibrary.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\italian_asp_IT.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Italian_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\japanese_asp_JA.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Japanese_uninst.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\korean_uninst_ko.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\loading_withWhiteBG.avi, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Microsoft.Win32.TaskScheduler.DLL, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Core.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Data.SQLite.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\TPS.ico, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\traditionalcn_uninst_zh-tw.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Turkish_uninst_tr.ini, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.dat, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.msg, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unrar.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.Formats.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.FileSystem.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Zip.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\clamscan.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\libclamav.dll, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\readme.txt, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\ASP-Troubleshooter.chm, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\firefox.com, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.lnk, In Quarantäne, [c4c1ac437506d95d45bd67142ada02fe],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\FileList.rcp, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\CleanSchedule.exe, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_rcp_ko.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_uninst_ko.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\LicMgr.dll, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_rcp_pl.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_uninst_pl.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_rcp_pt.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_uninst_pt.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RCPUninstall.exe, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_rcp_el.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_uninst_el.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\install_left_image.bmp, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\isxdl.dll, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegCleanPro.exe, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegList.rcp, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_rcp_ru.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_uninst_ru.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Spanish_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\spanish_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Swedish_rcp.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\swedish_uninst.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\systweakasp.exe, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TPS.ico, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\turkish_rcp_tr.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.dat, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.exe, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.msg, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\xmllite.dll, In Quarantäne, [285de10ea3d8d36355af7dfe2dd7d42c],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup0.bin, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-03-2014.log, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.RegCleanerPro.A, C:\Users\Marion\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [463f1fd05328ac8a167d12cfac56b54b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [d6af5996a3d883b307208e6b976b7c84],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\background.html, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\background.js, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\icon128.png, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\icon16.png, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\icon48.png, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\jigsaw.js, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\jquery.js, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.Boost.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn\3.0.0.10_0\manifest.json, In Quarantäne, [3f46d21db2c90f271d0511e9c33fc23e],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\makecert.exe, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\TrustedRoot.cer, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\certutil.exe, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\libplc4.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\libplds4.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\nss3.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\smime3.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.BrowserSafeGuard, C:\Users\Marion\AppData\Local\BrowserSafeguard\Resources\softokn3.dll, In Quarantäne, [dda80ce388f3ba7c6f4018ea61a27f81],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\AddonSafelist, In Quarantäne, [6e175d924e2dc274e1ab9f656b98ac54],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\log.xslt, In Quarantäne, [6e175d924e2dc274e1ab9f656b98ac54],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Marion\AppData\Roaming\Systweak\Advanced-System Protector\Settings.db, In Quarantäne, [fd88c629d0abcb6bf29abb4906fdf709],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Marion\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.13727\ASPLog.txt, In Quarantäne, [fd88c629d0abcb6bf29abb4906fdf709],
PUP.Optional.SweetPage.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1412337400&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229",), Ersetzt,[7b0a7b746c0f2b0bd4005de9b25355ab]
PUP.Optional.SweetPage.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://www.sweet-page.com/web/?type=ds&ts=1412337400&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229&q={searchTerms}"), Ersetzt,[8ef70ae5b2c959dd24b249fd13f2847c]
PUP.Optional.SweetPage.A, C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.sweet-page.com/?type=hp&ts=1412337400&from=cor&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229" ],), Ersetzt,[3a4ba44b3a410d295e7953f3bd487789]

Physische Sektoren: 0
(No malicious items detected)


(end)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 14:36:20
Running from C:\Users\Marion\Desktop
Loaded Profile: Marion (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe sweet-page

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
S2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:08 - 2014-10-03 14:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 14:29 - 00064522 _____ () C:\Windows\PFRO.log
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
2014-10-03 10:28 - 2014-10-03 14:36 - 00018352 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 10:28 - 2014-10-03 14:36 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 14:29 - 00000224 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 11:58 - 2014-09-27 11:56 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-27 11:56 - 2014-09-27 11:56 - 00002025 _____ () C:\Users\Marion\Desktop\Avira Free Antivirus starten.lnk
2014-09-27 11:56 - 2014-09-27 11:56 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Avira
2014-09-27 11:55 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 11:41 - 2014-09-27 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 10:41 - 2014-10-03 13:56 - 00002376 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:41 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 14:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-03 13:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-08 08:34 - 2014-09-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:36 - 2014-02-15 19:35 - 01295060 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 14:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 14:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:56 - 2014-02-15 19:58 - 00001640 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---

Marion1604 03.10.2014 13:42
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 14:37:00
Running from C:\Users\Marion\Desktop
Loaded Profile: Marion (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe sweet-page

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
S2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:08 - 2014-10-03 14:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 14:29 - 00064522 _____ () C:\Windows\PFRO.log
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
2014-10-03 10:28 - 2014-10-03 14:37 - 00018238 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 10:28 - 2014-10-03 14:37 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 14:29 - 00000224 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 11:58 - 2014-09-27 11:56 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-27 11:56 - 2014-09-27 11:56 - 00002025 _____ () C:\Users\Marion\Desktop\Avira Free Antivirus starten.lnk
2014-09-27 11:56 - 2014-09-27 11:56 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Avira
2014-09-27 11:55 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 11:41 - 2014-09-27 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 10:41 - 2014-10-03 13:56 - 00002376 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:41 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 14:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-03 13:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-08 08:34 - 2014-09-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:36 - 2014-02-15 19:35 - 01295060 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 14:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:56 - 2014-02-15 19:58 - 00001640 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 14:37:00
Running from C:\Users\Marion\Desktop
Loaded Profile: Marion (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe sweet-page

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
S2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:08 - 2014-10-03 14:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 14:29 - 00064522 _____ () C:\Windows\PFRO.log
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
2014-10-03 10:28 - 2014-10-03 14:37 - 00018238 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 10:28 - 2014-10-03 14:37 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 14:29 - 00000224 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 11:58 - 2014-09-27 11:56 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-27 11:56 - 2014-09-27 11:56 - 00002025 _____ () C:\Users\Marion\Desktop\Avira Free Antivirus starten.lnk
2014-09-27 11:56 - 2014-09-27 11:56 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Avira
2014-09-27 11:55 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 11:55 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 11:41 - 2014-09-27 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 10:41 - 2014-10-03 13:56 - 00002376 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:41 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 14:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-03 13:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-08 08:34 - 2014-09-08 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:36 - 2014-02-15 19:35 - 01295060 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 14:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 14:07 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:56 - 2014-02-15 19:58 - 00001640 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---

deeprybka 03.10.2014 13:51
Wenn Du mit diesem PC sensible Logins machst, also Online-Banking, paypal etc. dann bitte von einem sauberen PC aus (oder mit Handy, Tablet) die Passwörter ändern und diesen bis zum clean nicht mehr dafür verwenden.


Schritt 1
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Marion1604 03.10.2014 14:07
Code:
HitmanPro 3.7.9.225
www.hitmanpro.com

  Computer name . . . . : MARION-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Marion-PC\Marion
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2014-10-03 14:58:28
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 8m 1s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 9
  Traces  . . . . . . . : 39

  Objects scanned . . . : 1.338.226
  Files scanned . . . . : 20.362
  Remnants scanned  . . : 287.163 files / 1.030.701 keys

Malware _____________________________________________________________________

  C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\termtutor-setup-1.9.0.8.exe
      Size . . . . . . . : 1.104.088 bytes
      Age  . . . . . . . : 0.1 days (2014-10-03 13:45:23)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C90802B073D4E2DB8529B1A777C32B7A9F35A6281918A37A3F1789DD3D111904
      Needs elevation  . : Yes
      Product  . . . . . : Term Tutor
      Publisher  . . . . : Term Tutor
      Description  . . . : Term Tutor Setup
      Version  . . . . . : 1.9.0.8
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Vitruvian.A
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
        -144.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000192
        -134.8s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000193
        -106.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000194
        -92.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000195
        -71.6s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000196
        -65.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000197
        -62.4s C:\Users\Marion\Desktop\FileOpenerSetup.exe
        -56.2s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000198
        -51.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000199
        -47.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019a
        -41.0s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_F54700C2D01A2603C5E39160B737AF90
        -41.0s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_F54700C2D01A2603C5E39160B737AF90
        -16.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\
        -15.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755580_stp.EXE.part
        -14.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp.CIS
        -14.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp.CIS
        -13.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Yes_Button[1].png
        -13.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\declineBG[1].png
        -13.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp.CIS
        -13.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Yes_Button_Hover[1].png
        -13.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\No_Button[1].png
        -13.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\No_Button_Hover[1].png
        -13.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Taderonadan[1].png
        -13.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Lilisipipe[1].png
        -13.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Noseresel[1].png
        -13.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg1[1].png
        -13.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg2[1].png
        -12.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\bg3[1].png
        -12.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp.CIS
        -11.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp.CIS.part
        -11.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp.CIS
        -11.5s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp.CIS.part
        -11.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp\
        -11.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp\RAM.dll
        -11.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\IE_logo[1].png
        -11.1s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp.CIS.part
        -11.1s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp.CIS
        -11.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\CH_logo[1].png
        -10.5s C:\Users\Marion\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BD7WXA7U\hub.freshmilk.tv\analytics.sol
        -10.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\FF_logo[1].png
        -10.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp\
        -10.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp\Sept30_cor_sweet-page.exe
        -10.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Sys_CPC_FR_GG-TYP_5853_All_All_300_JuneBlack_LP2_30622_fc[1].gif
        -9.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Sasatagete[1].PNG
        -9.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\blank[1].gif
        -9.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Sasatagete_v9[1].png
        -9.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp.CIS.part
        -9.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\BG[1].png
        -8.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp.CIS.part
        -8.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Logo_Bisli[1].png
        -8.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Sesakesaye_bisli[1].png
        -7.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Pepeseped_dark[1].png
        -6.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Pepeseped_steps[1].png
        -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\
        -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\icc.dll
        -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\sqlite3.dll
        -5.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\logo[1].png
        -4.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Nafidiri[1].png
        -4.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Ropopi_Title[1].png
        -4.7s C:\Users\Marion\AppData\Local\Temp\icc_051186061212\
        -4.4s C:\Program Files (x86)\Tweaks\FileOpener\
        -4.4s C:\Program Files (x86)\Tweaks\FileOpener\fileopener.exe
        -4.4s C:\Program Files (x86)\Tweaks\
        -4.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp.CIS.part
        -4.4s C:\Program Files (x86)\Tweaks\FileOpener\7z.dll
        -4.4s C:\Program Files (x86)\Tweaks\FileOpener\uninstall.exe
        -4.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Nobaxotat_logo[1].png
        -4.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Gegogego[1].png
        -4.2s C:\Users\Public\Desktop\FileOpener.lnk
        -4.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\
        -4.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\FileOpener.lnk
        -4.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\uninstall.lnk
        -3.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Gegogego_Bisli[1].png
        -3.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Memiticeper_BG[1].png
        -3.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Memiticeper_BG_BR[1].png
        -1.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\logo[1].png
        -1.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\logo_new[1].png
        -0.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Rerarapepe3[1].jpg
        -0.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Rerarapepe[1].png
        -0.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Rerarapepe_b[1].png
        -0.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\MagerogomENv1[1].jpg
        -0.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\
          0.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\termtutor-setup-1.9.0.8.exe
          0.4s C:\Users\Marion\AppData\Local\Temp\A70348E2-551D-478E-84FD-4096F000EB70
          0.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\MagerogomENv2[1].jpg
          0.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Tasapara2[1].jpg
          1.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp\
          1.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp\uninstaller.exe
          1.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg1[1].jpg
          1.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg2[1].jpg
          3.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Fidamidifip[1].png
          4.8s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp\
          4.8s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp\rcpsetup_adppi15_adppi15.exe
          5.7s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019b
          7.8s C:\Users\Marion\AppData\Local\Temp\D94CB95F.TMP
          9.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\info[1]
          9.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\plus[1]
        12.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229[1].htm
        13.1s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-processes-v0001
        14.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\1[1].zip
        14.8s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
        14.8s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F
        15.2s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001
        15.7s C:\Program Files\TermTutor\
        15.7s C:\Program Files\TermTutor\IE\
        16.2s C:\Windows\Temp\SSL\
        16.2s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-install-v0001
        16.4s C:\Users\Marion\AppData\Local\Temp\install
        17.9s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019c
        21.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229[1].htm
        32.7s C:\Users\Marion\AppData\Local\Temp\FBFDE863-3C17-4B82-A5D1-9B8ED5BE6B40.tmp
        33.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\2[1].zip
        34.3s C:\ProgramData\Systweak\
        34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\
        34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector.lnk
        34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Register Advanced-System Protector.lnk
        34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector Trouble Shooter.lnk
        34.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector entfernen.lnk
        35.9s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
        35.9s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54
        38.1s C:\Users\Marion\AppData\Local\Temp\38D3540D.TMP
        47.7s C:\Users\Marion\AppData\Local\Temp\WebDataJs


Suspicious files ____________________________________________________________

  C:\Users\Marion\Desktop\FRST64.exe
      Size . . . . . . . : 2.109.440 bytes
      Age  . . . . . . . : 0.2 days (2014-10-03 10:27:31)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : E1B58F8F8E207B8F72F6E51325D749230850C51347BF3D841E6E89E3F705C316
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.


Malware remnants ____________________________________________________________

  Google Chrome.lnk
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\

  sweet-page
  C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data

  Google Chrome.lnk
  C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
  HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\ (Hijacker)
  HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\ (Hijacker)
  HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command\ (Hijacker)
  HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\OperaStable\shell\open\command\ (Hijacker)

Potential Unwanted Programs _________________________________________________

  C:\ProgramData\APN\ (AskBar)
  C:\ProgramData\Systweak\ (Systweak)
  C:\Users\Marion\AppData\Roaming\Systweak\ (Systweak)
  C:\Users\Marion\Documents\Optimizer Pro\ (PCOptimizerPro)
  C:\Users\Marion\Documents\Optimizer Pro\CookiesException.txt (PCOptimizerPro)
  HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
  HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
  HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
  HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
  HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro\ (RegClean Pro)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32\ (AdvSysProtector)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS\ (AdvSysProtector)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32\ (BrowserSafeguard)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS\ (BrowserSafeguard)
  HKLM\SOFTWARE\Wow6432Node\Systweak\ (AdvSysProtector)
  HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
  HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}\ (FLV Player)
  HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
  HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
  HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Optimizer Pro\ (PCOptimizerPro)
  HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Softonic\ (Softonic)
  HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Systweak\ (AdvSysProtector)

deeprybka 03.10.2014 15:14
:wtf: komisches Log irgendwie...

Code:
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
Upps...deswegen gibts kein Adwcleaner-Log :D


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {85F3EB34-4F79-4AD8-BFB5-B1650AD0535E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
Folder: C:\Users\Marion\AppData\Roaming\10tons
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot bitte das Log posten und dann:


Dateien hochladen:
  • Link zum Upload-Channel.
  • Deaktiviere Dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Klicke auf der Seite des Upload-Channels auf http://deeprybka.trojaner-board.de/b...upload%203.PNG
  • Kopiere folgende Zeile(n) in das Dateiname-Feld und anschließend jeweils auf Öffnen.
    Code:
    C:\FRST\Quarantine.zip

Bitte um Rückmeldung ob es geklappt hat! ;)
Danke für Deine Hilfe!

Diesmal den richtigen Adwcleaner laden...:) http://www.trojaner-board.de/157635-...s-richtig.html
Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Marion1604 03.10.2014 15:17
Du das tu ich nicht, das war die Datei die ich vorhin herunterladen sollte, deswegen hatte ich mich auch gewundert warum die Text-Datei nicht auf ging als der Computer neu gestartet war

deeprybka 03.10.2014 15:23
Kein Problem! :abklatsch:
Hab den Baustein auf dem Handy noch nicht aktualisiert. :stirn:
Sonst wäre das beim 1. Post dabei gewesen. http://www.trojaner-board.de/157635-...s-richtig.html

Marion1604 03.10.2014 15:28
Ich habe nun die Datei abgespeichert unter FRST. Wenn ich dann auf Fix gehe, steht NO FIXLIST.TXT FOUND, the fixlist.txt should be in the same folder/directory the tool is located

deeprybka 03.10.2014 15:29
Du musst sie auf den Desktop abspeichern. ;)

Code:
Running from C:\Users\Marion\Desktop

Marion1604 03.10.2014 15:32
lach, du machst mich fertig ;)



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 16:31:57 Run:1
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
*****************

C:\Users\Marion\Desktop\FileOpenerSetup.exe => Moved successfully.

==== End of Fixlog ====

deeprybka 03.10.2014 15:35
Und Du mich erst...:D

Bitte die Datei auf den Desktop laden und Schritt 1 wiederholen. :)

Marion1604 03.10.2014 15:41
Das mit der Zip-Datei hat geklappt ;)

deeprybka 03.10.2014 15:43
Ja, aber bitte das machen was ich oben geschrieben habe. Du hast die falsche fixlist gemacht. Meine bitte runterladen und Fix wiederholen, zip- bitte wieder hochladen.

Marion1604 03.10.2014 15:46
Tut mir leid daß ich dich so stresse, das ist keine Absicht :)

Sorry jetzt komm ich nicht mehr mit, ich hatte doch die kopiert die du mir geschickt hast

deeprybka 03.10.2014 15:48
Liste der Anhänge anzeigen (Anzahl: 1)
Diese Datei bitte auf den Desktop ablegen (also runterladen und vom Download-Verzeichnis auf den Desktop kopieren) dann FRST-Fix wiederholen. Nach dem Reboot zip hochladen und weiter mit den nächsten Schritten.

Marion1604 03.10.2014 16:02
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 17:00:04 Run:4
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {85F3EB34-4F79-4AD8-BFB5-B1650AD0535E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
Folder: C:\Users\Marion\AppData\Roaming\10tons
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\accessibility_api => Value not found.
"C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\accessibility_api => Value not found.
"C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\queue => value deleted successfully.
"C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85F3EB34-4F79-4AD8-BFB5-B1650AD0535E}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
ddoiigbx => Service not found.
DIRECTIO => Service not found.
fsmsnfwt => Service not found.
ihnucalu => Service not found.
itcwrofb => Service not found.
jmkcmoxh => Service not found.
lacwkzcs => Service not found.
lfjdnuqm => Service not found.
nesesnma => Service not found.
nmwtxjbn => Service not found.
nqhqxrbj => Service not found.
ohryqmkp => Service not found.
pqtxhguf => Service not found.
rciklfqv => Service not found.
rhjxtslu => Service not found.
tvmeatie => Service not found.
"C:\Users\Marion\AppData\Local\Dfsntdevjq" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Owuu" => File/Directory not found.
"C:\Users\Marion\AppData\Local\Mdffocmx" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Rtpzgejllg" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Psny" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Ydllnepc" => File/Directory not found.
"C:\Users\Marion\AppData\Local\Rqhcinlpl" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Systweak" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Obfii" => File/Directory not found.
C:\ProgramData\evg => Moved successfully.
"C:\Users\Marion\AppData\Roaming\Xggt" => File/Directory not found.
"C:\Windows\System32\Tasks\LaunchSignup" => File/Directory not found.

========================= Folder: C:\Users\Marion\AppData\Roaming\10tons ========================

2014-09-30 17:45 - 2014-09-30 17:45 - 0000000 ____D () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed
2014-09-30 17:45 - 2014-09-30 17:45 - 0000000 ____D () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles
2014-09-30 17:45 - 2014-10-01 09:46 - 0007827 _____ () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles\1.xml
2014-09-30 17:45 - 2014-09-30 17:46 - 0000463 _____ () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles\index.xml

====== End of Folder: ======

"C:\Users\Marion\AppData\Roaming\1H1Q" => File/Directory not found.
"C:\ProgramData\Systweak" => File/Directory not found.
"C:\Users\Public\Desktop\FileOpener.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector" => File/Directory not found.
"C:\Program Files\TermTutor" => File/Directory not found.
"C:\Program Files (x86)\Tweaks" => File/Directory not found.
"C:\Users\Marion\Desktop\FileOpenerSetup.exe" => File/Directory not found.
EmptyTemp: => Removed 93 KB temporary data.


The system needed a reboot.

==== End of Fixlog ====

deeprybka 03.10.2014 16:05
Naja, dreifach hält besser. ;)

Jetzt bitte die zip hochladen...

Marion1604 03.10.2014 16:12
AdwCleaner Logfile:
Code:
# AdwCleaner v3.311 - Bericht erstellt am 03/10/2014 um 17:08:25
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marion - MARION-PC
# Gestartet von : C:\Users\Marion\Desktop\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Marion\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\Marion\Documents\Optimizer Pro
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****

Task Gelöscht : advanced-System Protector_startup
Task Gelöscht : RegClean Pro

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [5358 octets] - [03/10/2014 17:07:16]
AdwCleaner[S0].txt - [3995 octets] - [03/10/2014 17:08:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4055 octets] ##########
--- --- ---


die zip hab ich hochgeladen


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 17:11:41
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 17:11 - 2014-10-03 17:11 - 00015264 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 17:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 17:06 - 2014-10-03 17:08 - 00000000 ____D () C:\AdwCleaner
2014-10-03 17:05 - 2014-10-03 17:05 - 01375089 _____ () C:\Users\Marion\Desktop\AdwCleaner_3.311.exe
2014-10-03 15:07 - 2014-10-03 15:07 - 00037194 _____ () C:\Users\Marion\Desktop\HitmanPro_20141003_1507.log
2014-10-03 14:57 - 2014-10-03 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-03 14:56 - 2014-10-03 14:56 - 11194928 _____ (SurfRight B.V.) C:\Users\Marion\Desktop\HitmanPro_x64.exe
2014-10-03 14:08 - 2014-10-03 17:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 17:09 - 00069236 _____ () C:\Windows\PFRO.log
2014-10-03 10:28 - 2014-10-03 17:11 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 17:09 - 00000504 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-27 11:41 - 2014-10-03 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:41 - 2014-10-03 17:08 - 00001111 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 17:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-08 08:34 - 2014-10-03 16:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 17:08 - 2014-02-15 19:58 - 00001004 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 17:08 - 2014-02-15 19:35 - 01305411 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 17:08 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 17:08 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 16:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---

deeprybka 03.10.2014 16:29
Gut gemacht soweit! :daumenhoc


Bitte lasse die Datei aus der Code-Box bei
http://deeprybka.trojaner-board.de/b...virustotal.png überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Marion1604 03.10.2014 16:38
da wird mir dann angezeigt daß Email.exe nicht zu finden ist

deeprybka 03.10.2014 16:43
Du hast doch die Probleme seit der Installation von Acronis oder?

Marion1604 03.10.2014 16:44
eher weniger, das lag an einer email die ich geöffnet habe, was ich nicht hätte machen sollen

deeprybka 03.10.2014 16:56
Haben die Scanner erst seit dem Öffnen der Mail gemotzt? Hast die Mail noch?

OK, macht man eigentlich nicht wenn man schon gefixt hat, dennoch möchte ich wissen was CF dazu meint:

Echtzeitscanner abschalten und Anweisungen genau befolgen bitte:

http://www.trojaner-board.de/attachm...ackt-avira.png


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Marion1604 03.10.2014 17:07
Code:
ComboFix 14-10-02.01 - Marion 03.10.2014  18:00:37.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.7367.5113 [GMT 2:00]
ausgeführt von:: c:\users\Marion\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-03 bis 2014-10-03  ))))))))))))))))))))))))))))))
.
.
2014-10-03 16:04 . 2014-10-03 16:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-03 16:04 . 2014-10-03 16:04        --------        d-----w-        c:\users\Acronis Agent User\AppData\Local\temp
2014-10-03 15:07 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-10-03 15:06 . 2014-10-03 15:08        --------        d-----w-        C:\AdwCleaner
2014-10-03 12:57 . 2014-10-03 13:08        --------        d-----w-        c:\programdata\HitmanPro
2014-10-03 12:36 . 2014-09-15 00:08        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EA649E5-21AF-4B76-B614-A3D8F3C9BF55}\mpengine.dll
2014-10-03 12:08 . 2014-10-03 15:09        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-03 12:07 . 2014-10-03 12:07        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-03 12:07 . 2014-10-03 12:07        --------        d-----w-        c:\programdata\Malwarebytes
2014-10-03 12:07 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-10-03 12:07 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-10-03 12:07 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-10-03 08:28 . 2014-10-03 15:12        --------        d-----w-        C:\FRST
2014-10-03 08:02 . 2014-10-03 08:02        --------        d-----w-        c:\users\Marion\AppData\Roaming\VisualShape
2014-10-03 08:02 . 2014-10-03 08:02        --------        d-----w-        c:\programdata\VisualShape
2014-10-03 07:10 . 2014-10-03 07:10        --------        d-----w-        c:\users\Marion\AppData\Local\ElevatedDiagnostics
2014-10-01 08:53 . 2014-09-25 02:08        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-10-01 08:53 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-30 15:45 . 2014-09-30 15:45        --------        d-----w-        c:\users\Marion\AppData\Roaming\10tons
2014-09-25 10:03 . 2014-05-08 09:32        3178496        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-09-25 10:03 . 2014-05-08 09:32        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 10:03 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-09-25 10:03 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-09-25 09:51 . 2014-09-25 09:50        319912        ----a-w-        c:\windows\system32\javaws.exe
2014-09-25 09:50 . 2014-09-25 09:50        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-09-25 09:50 . 2014-09-25 09:50        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-09-25 09:50 . 2014-09-25 09:50        189352        ----a-w-        c:\windows\system32\java.exe
2014-09-25 09:50 . 2014-09-25 09:50        --------        d-----w-        c:\program files\Java
2014-09-25 08:52 . 2014-09-25 09:15        --------        d-----w-        c:\program files (x86)\Amazon
2014-09-25 08:28 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys
2014-09-25 08:28 . 2012-08-23 14:08        30208        ----a-w-        c:\windows\system32\drivers\TsUsbGD.sys
2014-09-25 08:28 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\SysWow64\rdpendp_winip.dll
2014-09-25 08:28 . 2012-08-23 14:13        243200        ----a-w-        c:\windows\system32\rdpudd.dll
2014-09-25 08:28 . 2012-08-23 10:51        228864        ----a-w-        c:\windows\system32\rdpendp_winip.dll
2014-09-25 08:27 . 2014-09-25 08:27        --------        d-----w-        c:\program files\Microsoft Silverlight
2014-09-25 08:27 . 2014-09-25 08:27        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2014-09-25 08:12 . 2014-09-25 08:12        --------        d-----w-        c:\program files\CCleaner
2014-09-24 07:37 . 2014-09-09 22:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-24 07:37 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-18 07:41 . 2014-09-18 07:41        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2014-09-18 07:41 . 2014-09-18 07:41        --------        d-----r-        c:\program files (x86)\Skype
2014-09-16 08:36 . 2014-09-16 08:36        --------        d-----w-        c:\users\Marion\AppData\Roaming\Western Software Technologies
2014-09-11 22:28 . 2014-08-18 21:23        2104832        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-09-11 22:28 . 2014-08-18 21:16        13588480        ----a-w-        c:\windows\system32\ieframe.dll
2014-09-11 22:22 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-11 22:22 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 19:21 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-11 19:21 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 19:21 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 19:21 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-11 19:21 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 19:21 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 19:21 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-11 19:21 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-11 19:21 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-11 19:21 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 19:21 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-07 19:43 . 2014-09-25 09:24        --------        d-----w-        c:\programdata\Yahoo!
2014-09-07 19:39 . 2014-09-25 09:24        --------        d-----w-        c:\program files (x86)\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 17:25 . 2014-02-15 19:09        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 17:25 . 2014-02-15 19:09        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 07:06 . 2010-11-21 03:27        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-30 07:12 . 2012-07-17 13:37        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 11:01 . 2014-02-18 22:55        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-28 09:52        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 09:52        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 09:52        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-13 06:06        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 06:06        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 06:09        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 06:09        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 06:09        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 06:09        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 06:09        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 06:09        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 06:09        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\FRITZWLANMini.exe" [2012-08-21 933888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-17 164656]
.
c:\users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Efficient Sticky Notes.lnk - c:\program files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe /startup [2014-2-16 10255872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files (x86)\Hama\Common\RaUI.exe -s [2014-2-15 610304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 axnsraer;axnsraer;c:\windows\system32\drivers\axnsraer.sys;c:\windows\SYSNATIVE\drivers\axnsraer.sys [x]
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [x]
R2 click;quick_share_account;c:\windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe;c:\windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DMS;Acronis Disk Management Service;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:46        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15 17:25]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08 06:34]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08 06:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-30 383248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-RunOnce-queue - c:\programdata\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-File Opener Packages - c:\users\Marion\AppData\Roaming\1H1Q\File Opener Packages\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-03  18:05:40
ComboFix-quarantined-files.txt  2014-10-03 16:05
.
Vor Suchlauf: 9 Verzeichnis(se), 56.673.771.520 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 56.274.026.496 Bytes frei
.
- - End Of File - - BA13DD5C1CAABD31D95B49C4B549F3FE
D1AD4C53EADD115593E05FA56D6B9DEA

deeprybka 03.10.2014 17:12
OK bitte mal PC neu starten:


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Marion1604 03.10.2014 17:17
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 03-10-2014 18:15:54
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 18:15 - 2014-10-03 18:16 - 00014707 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 18:05 - 2014-10-03 18:05 - 00021610 _____ () C:\ComboFix.txt
2014-10-03 17:59 - 2014-10-03 18:05 - 00000000 ____D () C:\Qoobox
2014-10-03 17:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-03 17:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-03 17:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-03 17:58 - 2014-10-03 18:04 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 17:57 - 2014-10-03 17:58 - 05582981 ____R (Swearware) C:\Users\Marion\Desktop\ComboFix.exe
2014-10-03 17:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 17:06 - 2014-10-03 17:08 - 00000000 ____D () C:\AdwCleaner
2014-10-03 17:05 - 2014-10-03 17:05 - 01375089 _____ () C:\Users\Marion\Desktop\AdwCleaner_3.311.exe
2014-10-03 15:07 - 2014-10-03 15:07 - 00037194 _____ () C:\Users\Marion\Desktop\HitmanPro_20141003_1507.log
2014-10-03 14:57 - 2014-10-03 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-03 14:56 - 2014-10-03 14:56 - 11194928 _____ (SurfRight B.V.) C:\Users\Marion\Desktop\HitmanPro_x64.exe
2014-10-03 14:08 - 2014-10-03 18:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 18:14 - 00069788 _____ () C:\Windows\PFRO.log
2014-10-03 10:28 - 2014-10-03 18:15 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-03 18:14 - 00000560 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-27 11:41 - 2014-10-03 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:41 - 2014-10-03 17:08 - 00001111 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-03 18:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-03 17:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-10-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 18:14 - 2014-02-15 19:35 - 01311207 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 18:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 18:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 17:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 17:16 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 17:16 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 17:08 - 2014-02-15 19:58 - 00001004 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira
2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 18:16:27
Running from C:\Users\Marion\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Disk Director 11 Advanced Bootable Media Builder (HKLM-x32\...\{8EF18153-2F5C-4511-9C05-2BF39F5A241A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced* Agent (HKLM-x32\...\{53B91797-7CC8-41AA-999E-C33DAEC63A1A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced*Management*Console (HKLM-x32\...\{AFDDB79D-3FB6-4E82-832C-728F73FAC327}) (Version: 11.0.12077 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX390 series Benutzerregistrierung (HKLM-x32\...\Canon MX390 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Gold von Kalifornien (HKLM-x32\...\Das Gold von Kalifornien) (Version: 1.0.0.0 - INTENIUM GmbH)
Das Tal der Träume 2 (HKLM-x32\...\Das Tal der Träume 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Delicious: Emily und die Wahre Liebe Sammleredition (HKLM-x32\...\Delicious: Emily und die Wahre Liebe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: 2.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer Sammleredition (HKLM-x32\...\Der Bau der Chinesischen Mauer Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Ruf der Zeit (HKLM-x32\...\Der Ruf der Zeit) (Version: 1.0.0.0 - INTENIUM GmbH)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.13 - INTENIUM GmbH)
Die 12 Heldentaten des Herkules 2: Der Kretische Stier (HKLM-x32\...\Die 12 Heldentaten des Herkules 2: Der Kretische Stier) (Version: 2.0.0.0 - INTENIUM GmbH)
Die Meister der Rätselrunde (HKLM-x32\...\Die Meister der Rätselrunde) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Welt der Puzzle: Jigsaw Boom (HKLM-x32\...\Die Welt der Puzzle: Jigsaw Boom) (Version: 1.0.0.0 - INTENIUM GmbH)
Dr.Wise: Wunder der Medizin (HKLM-x32\...\Dr.Wise: Wunder der Medizin) (Version: 2.0.0.0 - INTENIUM GmbH)
Efficient Sticky Notes 1.68 (HKLM-x32\...\Efficient Sticky Notes_is1) (Version:  - Efficient Software)
Farm to Fork Sammleredition (HKLM-x32\...\Farm to Fork Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Farm Tribe 2: Jetzt wird geackert! (HKLM-x32\...\Farm Tribe 2: Jetzt wird geackert!) (Version: 1.0.0.0 - INTENIUM GmbH)
Farmington Tales: Geschichten vom Land (HKLM-x32\...\Farmington Tales: Geschichten vom Land) (Version: 1.0.0.0 - INTENIUM GmbH)
Ferne Königreiche (HKLM-x32\...\Ferne Königreiche) (Version: 1.0.0.0 - INTENIUM GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Geschichten aus dem Orient: Die aufgehende Sonne (HKLM-x32\...\Geschichten aus dem Orient: Die aufgehende Sonne) (Version: 2.0.0.0 - INTENIUM GmbH)
Gizmos: Rätsel des Universums (HKLM-x32\...\Gizmos: Rätsel des Universums) (Version: 0.0.0.0 - INTENIUM GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hama Wireless LAN Adapter (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.01 - Hama)
Heart's Medicine: Ärztin mit Herz (HKLM-x32\...\Heart's Medicine: Ärztin mit Herz) (Version: 1.0.0.0 - INTENIUM GmbH)
Herr des Wetters: Auf der Spur des Schamanen (HKLM-x32\...\Herr des Wetters: Auf der Spur des Schamanen) (Version: 0.0.0.0 - INTENIUM GmbH)
Hometown Poker Hero Sammleredition (HKLM-x32\...\Hometown Poker Hero Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\Imperial Island: Ursprung eines Imperiums) (Version: 1.0.0.0 - INTENIUM GmbH)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 4 (HKLM-x32\...\Jewel Match 4) (Version: 2.0.0.0 - INTENIUM GmbH)
Jo´s großer Traum 2: Das Café-Festival (HKLM-x32\...\Jo´s großer Traum 2: Das Café-Festival) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Königliche Puzzle (HKLM-x32\...\Königliche Puzzle) (Version: 1.0.0.0 - INTENIUM GmbH)
Königliche Puzzle 2 (HKLM-x32\...\Königliche Puzzle 2) (Version: 2.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\Legends of Solitaire: Der Fluch des Drachen) (Version: 1.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\Legends of Solitaire: Die verlorenen Karten) (Version: 1.0.0.0 - INTENIUM GmbH)
Magic Heroes: Der verzauberte Park (HKLM-x32\...\Magic Heroes: Der verzauberte Park) (Version: 2.0.0.0 - INTENIUM GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mein Gartenparadies 2: Das Feenland XXL (HKLM-x32\...\Mein Gartenparadies 2: Das Feenland XXL) (Version: 1.0.0.0 - INTENIUM GmbH)
Meine Boutique (HKLM-x32\...\Meine Boutique) (Version: 0.0.0.0 - INTENIUM GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Puzzle-Holiday: Valentinstag (HKLM-x32\...\Puzzle-Holiday: Valentinstag) (Version: 1.0.0.0 - INTENIUM GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Rätsel des Olymp: Olympus Griddlers (HKLM-x32\...\Rätsel des Olymp: Olympus Griddlers) (Version: 2.0.0.0 - INTENIUM GmbH)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Schlag den Raab (HKLM-x32\...\Schlag den Raab) (Version: 1.0.0.0 - INTENIUM GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Settlers of the West: Abenteuer im Wilden Westen (HKLM-x32\...\Settlers of the West: Abenteuer im Wilden Westen) (Version: 2.0.0.0 - INTENIUM GmbH)
Shangri La 2: Das Tal der Worte (HKLM-x32\...\Shangri La 2: Das Tal der Worte) (Version: 0.0.0.0 - INTENIUM GmbH)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Solitaire Mystery: Die vier Jahreszeiten (HKLM-x32\...\Solitaire Mystery: Die vier Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Sparkle Unleashed: Im Bann der Dunkelheit (HKLM-x32\...\Sparkle Unleashed: Im Bann der Dunkelheit) (Version: 0.0.0.0 - INTENIUM GmbH)
SpeedCommander 12 (HKLM-x32\...\SpeedCommander 12) (Version: 12 - SpeedProject)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Village Quest: Von Rittern und Rätseln (HKLM-x32\...\Village Quest: Von Rittern und Rätseln) (Version: 0.0.0.0 - INTENIUM GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Salon (HKLM-x32\...\Wedding Salon) (Version: 1.0.0.0 - INTENIUM GmbH)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-10-2014 10:35:01 Windows Update
03-10-2014 11:47:29 RCP Fr, Okt 03, 14  13:47

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4F3F3696-E97A-4509-A93A-7B77B31CC4A9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3133097954-3543690179-3637798621-1000
Task: {720E00B8-68C2-4B74-BB52-B29260BC4A1E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {856D90DA-5E17-4652-B8BF-2DE52CD2FAAD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {92E718FB-2B6C-4484-93B2-5EC8A3818F2F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9B89519F-772F-4B50-8567-C4783B24DF07} - System32\Tasks\Opera scheduled Autoupdate 1392487835 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {9EF41853-296D-4259-BE2D-B1E1D2D433AF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2B59F6E-6008-469D-A0DD-A647FDED97EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {CC56AB9F-76DC-453C-B07A-1852AEEA3C8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: {ED274A92-FBB5-4550-94F9-944BF65BB4DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F815ED6C-3E59-4F6B-A912-252646955D08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2014-09-27 09:13 - 2014-09-27 09:12 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-11-30 19:42 - 2010-11-30 19:42 - 00213208 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\events_trace.dll
2010-11-30 18:11 - 2010-11-30 18:11 - 00283256 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\fnls.dll
2010-11-30 18:12 - 2010-11-30 18:12 - 00424576 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\FileTrace.dll
2014-09-07 21:43 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll
2014-09-10 13:25 - 2014-09-10 21:46 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Acronis Agent User (S-1-5-21-3133097954-3543690179-3637798621-1002 - Limited - Enabled) => C:\Users\Acronis Agent User
Administrator (S-1-5-21-3133097954-3543690179-3637798621-500 - Administrator - Disabled)
Gast (S-1-5-21-3133097954-3543690179-3637798621-501 - Limited - Disabled)
Marion (S-1-5-21-3133097954-3543690179-3637798621-1000 - Administrator - Enabled) => C:\Users\Marion

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:56:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:53:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 02:36:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 2.10.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13f0

Startzeit: 01cfdf0688911712

Endzeit: 2

Anwendungspfad: C:\Users\Marion\Desktop\FRST64.exe

Berichts-ID: d64aa9b6-4af9-11e4-819e-e03f491a4f5a

Error: (10/03/2014 02:31:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/03/2014 06:15:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "quick_share_account" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/03/2014 06:15:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 06:15:03 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{62E2272D-8C50-4A19-A942-6EA421F41204} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (10/03/2014 06:14:53 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 06:05:45 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 06:05:45 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/03/2014 06:04:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/03/2014 06:02:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/03/2014 05:58:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Acronis Remote Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/03/2014 05:57:26 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (10/03/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:56:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:53:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:52:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 02:36:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe2.10.2014.013f001cfdf06889117122C:\Users\Marion\Desktop\FRST64.exed64aa9b6-4af9-11e4-819e-e03f491a4f5a

Error: (10/03/2014 02:31:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 7367.42 MB
Available physical RAM: 5281.11 MB
Total Pagefile: 14733.02 MB
Available Pagefile: 12339.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.39 GB) (Free:52.5 GB) NTFS
Drive f: (Programme) (Fixed) (Total:359.59 GB) (Free:348.86 GB) NTFS
Drive g: (Musik) (Fixed) (Total:359.62 GB) (Free:297.05 GB) NTFS
Drive h: (HDDRIVE2GO) (Fixed) (Total:931.51 GB) (Free:160.09 GB) NTFS
Drive i: (Datensicherung) (Fixed) (Total:100.53 GB) (Free:63.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6EA1E8E1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D4D4D464)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka 03.10.2014 17:31
Ok. Für heute machen wir erstmal Schluss an dieser Stelle. Melde mich dann so schnell wie möglich wieder. Den PC bitte solange nicht mehr mit dem Internet verbinden.

Zitat:
Haben die Scanner erst seit dem Öffnen der Mail gemotzt? Hast die Mail noch?
;)

Marion1604 03.10.2014 17:34
Die Mail hab ich leider nicht mehr, hab sie gelöscht. Die Scanner haben erst angefangen als ich die Mail geöffnet hatte.

deeprybka 04.10.2014 08:39
Hi,

Schritt 1
http://deeprybka.trojaner-board.de/b...isoft/emsi.png

Download
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der animierten Bildanleitung, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.
http://deeprybka.trojaner-board.de/b...ft/emsikit.gif

Marion1604 04.10.2014 11:11
Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 04.10.2014 09:56:59
Benutzerkonto: Marion-PC\Marion

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, F:\, G:\, I:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        04.10.2014 11:24:30
C:\ProgramData\apn        gefunden: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        gefunden: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe.xBAD        gefunden: Trojan.Win32.Palevo (A)
C:\FRST\Quarantine\C\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe.xBAD        gefunden: Trojan.Win32.Palevo (A)
C:\Program Files (x86)\SpeedProject\SpeedCommander 12\SCBackupRestore.exe        gefunden: DeepScan:Generic.Malware.P!Pk.82B34034 (B)
C:\ProgramData\Acronis\AgentService\assembly\settings_pin\ip_address\call_icon.exe        gefunden: Trojan.Win32.Palevo (A)
C:\ProgramData\Acronis\DiskDirectorAdvancedConsole\Logs\submit\counter\fetch.exe        gefunden: Gen:Variant.Symmi.46954 (B)

Gescannt        245722
Gefunden        9

Scan Ende:        04.10.2014 12:07:47
Scan Zeit:        0:43:17

C:\ProgramData\Acronis\DiskDirectorAdvancedConsole\Logs\submit\counter\fetch.exe        Gelöscht Gen:Variant.Symmi.46954 (B)
C:\ProgramData\Acronis\AgentService\assembly\settings_pin\ip_address\call_icon.exe        Gelöscht Trojan.Win32.Palevo (A)
C:\Program Files (x86)\SpeedProject\SpeedCommander 12\SCBackupRestore.exe        Gelöscht DeepScan:Generic.Malware.P!Pk.82B34034 (B)
C:\FRST\Quarantine\C\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe.xBAD        Gelöscht Trojan.Win32.Palevo (A)
C:\FRST\Quarantine\C\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe.xBAD        Gelöscht Trojan.Win32.Palevo (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}        Gelöscht Application.Win32.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Gelöscht Setting.DisableRegistryTools (A)

Gelöscht        7

deeprybka 04.10.2014 11:15
Hi,
gut gemacht.

Bitte PC neustarten und frische FRST-Logs...

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Marion1604 04.10.2014 11:22
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by Marion (administrator) on MARION-PC on 04-10-2014 12:19:20
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk
ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)
S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]
R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-10-04] (Emsisoft GmbH)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-04] (Emsisoft GmbH)
S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 12:09 - 2014-10-04 12:09 - 00000600 _____ () C:\EamClean.log
2014-10-04 09:56 - 2014-10-04 09:56 - 00000750 _____ () C:\Users\Marion\Desktop\Start Emsisoft Emergency Kit.lnk
2014-10-04 09:55 - 2014-10-04 12:10 - 00000000 ____D () C:\EEK
2014-10-04 09:51 - 2014-10-04 09:55 - 159619608 _____ () C:\Users\Marion\Desktop\EmsisoftEmergencyKit.exe
2014-10-04 09:07 - 2014-10-04 12:17 - 00000000 ____D () C:\ProgramData\evg
2014-10-03 18:15 - 2014-10-04 12:19 - 00014383 _____ () C:\Users\Marion\Desktop\FRST.txt
2014-10-03 18:05 - 2014-10-03 18:05 - 00021610 _____ () C:\ComboFix.txt
2014-10-03 17:59 - 2014-10-03 18:05 - 00000000 ____D () C:\Qoobox
2014-10-03 17:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-03 17:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-03 17:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-03 17:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-03 17:58 - 2014-10-03 18:04 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 17:57 - 2014-10-03 17:58 - 05582981 ____R (Swearware) C:\Users\Marion\Desktop\ComboFix.exe
2014-10-03 17:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 17:06 - 2014-10-03 17:08 - 00000000 ____D () C:\AdwCleaner
2014-10-03 17:05 - 2014-10-03 17:05 - 01375089 _____ () C:\Users\Marion\Desktop\AdwCleaner_3.311.exe
2014-10-03 15:07 - 2014-10-03 15:07 - 00037194 _____ () C:\Users\Marion\Desktop\HitmanPro_20141003_1507.log
2014-10-03 14:57 - 2014-10-03 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-03 14:56 - 2014-10-03 14:56 - 11194928 _____ (SurfRight B.V.) C:\Users\Marion\Desktop\HitmanPro_x64.exe
2014-10-03 14:08 - 2014-10-04 12:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 13:49 - 2014-10-03 18:14 - 00069788 _____ () C:\Windows\PFRO.log
2014-10-03 10:28 - 2014-10-04 12:19 - 00000000 ____D () C:\FRST
2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape
2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape
2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk
2014-10-03 09:06 - 2014-10-04 12:17 - 00000728 _____ () C:\Windows\setupact.log
2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons
2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk
2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk
2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk
2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme
2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java
2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-25 10:41 - 2014-10-03 17:08 - 00001111 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk
2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies
2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 08:34 - 2014-10-04 12:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:34 - 2014-10-04 11:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:34 - 2014-10-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 12:17 - 2014-02-15 19:35 - 01349197 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 12:16 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 12:16 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 11:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 09:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-04 09:11 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-03 23:34 - 2014-02-16 17:53 - 00000000 ____D () C:\Users\Marion\AppData\Local\Microsoft Games
2014-10-03 18:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 17:08 - 2014-02-15 19:58 - 00001004 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype
2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps
2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe
2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele
2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc
2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor
2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835
2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup
2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn
2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore
2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer
2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther
2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps
2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien
2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe
2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google
2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:35

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by Marion at 2014-10-04 12:19:59
Running from C:\Users\Marion\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Disk Director 11 Advanced Bootable Media Builder (HKLM-x32\...\{8EF18153-2F5C-4511-9C05-2BF39F5A241A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced* Agent (HKLM-x32\...\{53B91797-7CC8-41AA-999E-C33DAEC63A1A}) (Version: 11.0.12077 - Acronis)
Acronis Disk Director 11 Advanced*Management*Console (HKLM-x32\...\{AFDDB79D-3FB6-4E82-832C-728F73FAC327}) (Version: 11.0.12077 - Acronis)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX390 series Benutzerregistrierung (HKLM-x32\...\Canon MX390 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Gold von Kalifornien (HKLM-x32\...\Das Gold von Kalifornien) (Version: 1.0.0.0 - INTENIUM GmbH)
Das Tal der Träume 2 (HKLM-x32\...\Das Tal der Träume 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Delicious: Emily und die Wahre Liebe Sammleredition (HKLM-x32\...\Delicious: Emily und die Wahre Liebe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der bartlose Zauberer (HKLM-x32\...\Der bartlose Zauberer) (Version: 2.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer Sammleredition (HKLM-x32\...\Der Bau der Chinesischen Mauer Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Ruf der Zeit (HKLM-x32\...\Der Ruf der Zeit) (Version: 1.0.0.0 - INTENIUM GmbH)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.13 - INTENIUM GmbH)
Die 12 Heldentaten des Herkules 2: Der Kretische Stier (HKLM-x32\...\Die 12 Heldentaten des Herkules 2: Der Kretische Stier) (Version: 2.0.0.0 - INTENIUM GmbH)
Die Meister der Rätselrunde (HKLM-x32\...\Die Meister der Rätselrunde) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Welt der Puzzle: Jigsaw Boom (HKLM-x32\...\Die Welt der Puzzle: Jigsaw Boom) (Version: 1.0.0.0 - INTENIUM GmbH)
Dr.Wise: Wunder der Medizin (HKLM-x32\...\Dr.Wise: Wunder der Medizin) (Version: 2.0.0.0 - INTENIUM GmbH)
Efficient Sticky Notes 1.68 (HKLM-x32\...\Efficient Sticky Notes_is1) (Version:  - Efficient Software)
Farm to Fork Sammleredition (HKLM-x32\...\Farm to Fork Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Farm Tribe 2: Jetzt wird geackert! (HKLM-x32\...\Farm Tribe 2: Jetzt wird geackert!) (Version: 1.0.0.0 - INTENIUM GmbH)
Farmington Tales: Geschichten vom Land (HKLM-x32\...\Farmington Tales: Geschichten vom Land) (Version: 1.0.0.0 - INTENIUM GmbH)
Ferne Königreiche (HKLM-x32\...\Ferne Königreiche) (Version: 1.0.0.0 - INTENIUM GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Geschichten aus dem Orient: Die aufgehende Sonne (HKLM-x32\...\Geschichten aus dem Orient: Die aufgehende Sonne) (Version: 2.0.0.0 - INTENIUM GmbH)
Gizmos: Rätsel des Universums (HKLM-x32\...\Gizmos: Rätsel des Universums) (Version: 0.0.0.0 - INTENIUM GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hama Wireless LAN Adapter (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.01 - Hama)
Heart's Medicine: Ärztin mit Herz (HKLM-x32\...\Heart's Medicine: Ärztin mit Herz) (Version: 1.0.0.0 - INTENIUM GmbH)
Herr des Wetters: Auf der Spur des Schamanen (HKLM-x32\...\Herr des Wetters: Auf der Spur des Schamanen) (Version: 0.0.0.0 - INTENIUM GmbH)
Hometown Poker Hero Sammleredition (HKLM-x32\...\Hometown Poker Hero Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Imperial Island: Ursprung eines Imperiums (HKLM-x32\...\Imperial Island: Ursprung eines Imperiums) (Version: 1.0.0.0 - INTENIUM GmbH)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 4 (HKLM-x32\...\Jewel Match 4) (Version: 2.0.0.0 - INTENIUM GmbH)
Jo´s großer Traum 2: Das Café-Festival (HKLM-x32\...\Jo´s großer Traum 2: Das Café-Festival) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Königliche Puzzle (HKLM-x32\...\Königliche Puzzle) (Version: 1.0.0.0 - INTENIUM GmbH)
Königliche Puzzle 2 (HKLM-x32\...\Königliche Puzzle 2) (Version: 2.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Der Fluch des Drachen (HKLM-x32\...\Legends of Solitaire: Der Fluch des Drachen) (Version: 1.0.0.0 - INTENIUM GmbH)
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\Legends of Solitaire: Die verlorenen Karten) (Version: 1.0.0.0 - INTENIUM GmbH)
Magic Heroes: Der verzauberte Park (HKLM-x32\...\Magic Heroes: Der verzauberte Park) (Version: 2.0.0.0 - INTENIUM GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mein Gartenparadies 2: Das Feenland XXL (HKLM-x32\...\Mein Gartenparadies 2: Das Feenland XXL) (Version: 1.0.0.0 - INTENIUM GmbH)
Meine Boutique (HKLM-x32\...\Meine Boutique) (Version: 0.0.0.0 - INTENIUM GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (FRA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Puzzle-Holiday: Valentinstag (HKLM-x32\...\Puzzle-Holiday: Valentinstag) (Version: 1.0.0.0 - INTENIUM GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Rätsel des Olymp: Olympus Griddlers (HKLM-x32\...\Rätsel des Olymp: Olympus Griddlers) (Version: 2.0.0.0 - INTENIUM GmbH)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Schlag den Raab (HKLM-x32\...\Schlag den Raab) (Version: 1.0.0.0 - INTENIUM GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Settlers of the West: Abenteuer im Wilden Westen (HKLM-x32\...\Settlers of the West: Abenteuer im Wilden Westen) (Version: 2.0.0.0 - INTENIUM GmbH)
Shangri La 2: Das Tal der Worte (HKLM-x32\...\Shangri La 2: Das Tal der Worte) (Version: 0.0.0.0 - INTENIUM GmbH)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Solitaire Mystery: Die vier Jahreszeiten (HKLM-x32\...\Solitaire Mystery: Die vier Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Sparkle Unleashed: Im Bann der Dunkelheit (HKLM-x32\...\Sparkle Unleashed: Im Bann der Dunkelheit) (Version: 0.0.0.0 - INTENIUM GmbH)
SpeedCommander 12 (HKLM-x32\...\SpeedCommander 12) (Version: 12 - SpeedProject)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Village Quest: Von Rittern und Rätseln (HKLM-x32\...\Village Quest: Von Rittern und Rätseln) (Version: 0.0.0.0 - INTENIUM GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Salon (HKLM-x32\...\Wedding Salon) (Version: 1.0.0.0 - INTENIUM GmbH)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-10-2014 10:35:01 Windows Update
03-10-2014 11:47:29 RCP Fr, Okt 03, 14  13:47

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4F3F3696-E97A-4509-A93A-7B77B31CC4A9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3133097954-3543690179-3637798621-1000
Task: {720E00B8-68C2-4B74-BB52-B29260BC4A1E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {856D90DA-5E17-4652-B8BF-2DE52CD2FAAD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software)
Task: {92E718FB-2B6C-4484-93B2-5EC8A3818F2F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {9B89519F-772F-4B50-8567-C4783B24DF07} - System32\Tasks\Opera scheduled Autoupdate 1392487835 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {9EF41853-296D-4259-BE2D-B1E1D2D433AF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {A2B59F6E-6008-469D-A0DD-A647FDED97EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {CC56AB9F-76DC-453C-B07A-1852AEEA3C8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: {ED274A92-FBB5-4550-94F9-944BF65BB4DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F815ED6C-3E59-4F6B-A912-252646955D08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll
2014-09-27 09:13 - 2014-09-27 09:12 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-11-30 19:42 - 2010-11-30 19:42 - 00213208 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\events_trace.dll
2010-11-30 18:11 - 2010-11-30 18:11 - 00283256 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\fnls.dll
2010-11-30 18:12 - 2010-11-30 18:12 - 00424576 _____ () C:\Program Files (x86)\Common Files\Acronis\DiskDirectorAdvanced\Common\FileTrace.dll
2014-09-07 21:43 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll
2014-09-27 09:12 - 2014-09-27 09:12 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll
2014-09-10 13:25 - 2014-09-10 21:46 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Acronis Agent User (S-1-5-21-3133097954-3543690179-3637798621-1002 - Limited - Enabled) => C:\Users\Acronis Agent User
Administrator (S-1-5-21-3133097954-3543690179-3637798621-500 - Administrator - Disabled)
Gast (S-1-5-21-3133097954-3543690179-3637798621-501 - Limited - Disabled)
Marion (S-1-5-21-3133097954-3543690179-3637798621-1000 - Administrator - Enabled) => C:\Users\Marion

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 00:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2014 00:11:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2014 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:56:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:53:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/04/2014 00:18:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/04/2014 00:18:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "quick_share_account" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/04/2014 00:18:02 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{62E2272D-8C50-4A19-A942-6EA421F41204} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (10/04/2014 00:17:49 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/04/2014 00:09:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "quick_share_account" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/04/2014 00:09:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/04/2014 00:09:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{62E2272D-8C50-4A19-A942-6EA421F41204} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (10/04/2014 00:09:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/04/2014 09:51:37 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (10/04/2014 09:49:43 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "MARION-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.25
registriert werden. Der Computer mit IP-Adresse 192.168.2.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (10/04/2014 00:19:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2014 00:11:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2014 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 05:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:56:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 04:53:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 7367.42 MB
Available physical RAM: 5308.68 MB
Total Pagefile: 14733.02 MB
Available Pagefile: 12348.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100.39 GB) (Free:52.15 GB) NTFS
Drive f: (Programme) (Fixed) (Total:359.59 GB) (Free:348.86 GB) NTFS
Drive g: (Musik) (Fixed) (Total:359.62 GB) (Free:297.05 GB) NTFS
Drive i: (Datensicherung) (Fixed) (Total:100.53 GB) (Free:63.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6EA1E8E1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.8 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=11 GB) - (Type=27)

==================== End Of Log ============================

deeprybka 04.10.2014 11:40
Schau mal bitte in Dein Postfach hier beim Trojaner-Board. ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132