Win 8.1 / System sehr langsam, Trojaner Agent.csji.3 noch aktiv ?, oder andere

effizient61 · 09.09.2014, 22:25

Hallo vor ca. 8 Tagen drückte ich idiotischerweise auf eine Datei Bildschirmschoner.scr in einem E-Mailanhang.
Im gleichen Atemzug ahnte ich bereits nichts gutes. Seit dem habe ich vermehrte Probleme mit meinen Win 8 .1. Der Rechner bootet wesentlich langsamer als zuvor. In geöffneten Fenstern blinkt der Rahmen (wechselt immer zwischen 2 Farben und langsam nervt es ). Mein Ziel ist es den Rechner kpl neu aufzubauen, habe aber bedenken jetzt eine Sicherung durchzuführen. Ich habe 2 Benutzer mit admin. Rechten auf meinem Lappi laufen. Muss ich jeden Benutzer einzeln durchforschen?. Antivir läuft nicht mehr kpl. durch, das Programm meldet bei ca. 10% meistens einen Fehler. Zudem blinkt jetzt neben dem Mauszeiger immer für einen Bruchteil einer Sekunde ein kleiner Kreis auf, ( als wenn im Hintergrund was durchweg arbeitet, oder lädt). Erbitte Hilfe bei der Durchsicht nach Infektionen.

anbei: Avir-Fehlermeldung und bisher gefundene Quarantäne
https://onedrive.live.com/redir?resid=AB517F062DA645EA!2771&authkey=!AC43grHsRfpNoaU&ithint=folder%2cpng

Typ: Datei
Quelle: C:\$Recycle.Bin\S-1-5-21-1712287575-707860769-2332151246-1007\$RP6JGLT.scr
Status: Infiziert
Quarantäne-Objekt: 51cb65ed.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.24.22
Virendefinitionsdatei: 8.11.171.32
Gefunden: TR/Agent.cjsi.3
Datum/Uhrzeit: 07.09.2014, 23:12

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\Player_Setup.exe
Status: Infiziert
Quarantäne-Objekt: 5174bcbf.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.34
Virendefinitionsdatei: 8.11.160.234
Gefunden: APPL/DomaIQ.Gen
Datum/Uhrzeit: 17.07.2014, 01:56

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\Player_Setup(1).exe
Status: Infiziert
Quarantäne-Objekt: 49e39318.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.34
Virendefinitionsdatei: 8.11.160.234
Gefunden: APPL/DomaIQ.Gen
Datum/Uhrzeit: 17.07.2014, 01:56

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\Player-Firefox.exe
Status: Infiziert
Quarantäne-Objekt: 5b0710e0.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.04
Virendefinitionsdatei: 7.11.143.18
Gefunden: ADWARE/Adware.Gen7
Datum/Uhrzeit: 13.04.2014, 17:44

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\Player-Firefox(1).exe
Status: Infiziert
Quarantäne-Objekt: 11cf65af.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.04
Virendefinitionsdatei: 7.11.143.18
Gefunden: ADWARE/Adware.Gen7
Datum/Uhrzeit: 13.04.2014, 17:44

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\Player-Firefox(2).exe
Status: Infiziert
Quarantäne-Objekt: 43903f47.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.04
Virendefinitionsdatei: 7.11.143.18
Gefunden: ADWARE/Adware.Gen7
Datum/Uhrzeit: 13.04.2014, 17:44

Typ: Datei
Quelle: C:\Users\wiewi_2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\SFMYRAUF\yet_another_cleaner_mar[1].exe
Status: Infiziert
Quarantäne-Objekt: 557e1147.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.04
Virendefinitionsdatei: 7.11.142.214
Gefunden: ADWARE/Adware.Gen2
Datum/Uhrzeit: 12.04.2014, 20:07

Typ: Datei
Quelle: C:\Users\wiewi_2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\SFMYRAUF\yet_another_cleaner_mar[1].exe
Status: Infiziert
Quarantäne-Objekt: 564912d8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.04
Virendefinitionsdatei: 7.11.142.214
Gefunden: ADWARE/Adware.Gen2
Datum/Uhrzeit: 12.04.2014, 20:06

Typ: Datei
Quelle: C:\Users\wiewi_2\Downloads\ZipOpenerSetup.exe
Status: Infiziert
Quarantäne-Objekt: 5d1a378a.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.168
Virendefinitionsdatei: 7.11.124.210
Gefunden: ADWARE/InstallCore.Gen7
Datum/Uhrzeit: 12.01.2014, 15:05

Typ: Datei
Quelle: C:\Users\Administrator\AppData\Local\Temp\is357113909\16680135_stp\uninstaller.exe
Status: Infiziert
Quarantäne-Objekt: 55f25919.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.164
Virendefinitionsdatei: 7.11.119.210
Gefunden: ADWARE/InstallCore.Gen
Datum/Uhrzeit: 15.12.2013, 16:35

Typ: Datei
Quelle: C:\Users\wiewi\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
Status: Infiziert
Quarantäne-Objekt: 555de31a.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.140
Virendefinitionsdatei: 7.11.112.90
Gefunden: ADWARE/DealPly.I
Datum/Uhrzeit: 10.11.2013, 10:10

Typ: Datei
Quelle: C:\Users\wiewi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38Z1E03L\adclick_de[1].htm
Status: Infiziert
Quarantäne-Objekt: 55bc117f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.66
Virendefinitionsdatei: 7.11.86.62
Gefunden: HTML/Infected.WebPage.Gen
Datum/Uhrzeit: 22.06.2013, 16:11

Lg
effizient61

Bootsektor · 10.09.2014, 00:41

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

effizient61 · 10.09.2014, 06:34

Hallo Sandra,

mein Dank ist dir sicher. Ich möchte sehr gerne bereinigen.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by wiewi_2 (administrator) on WIEWIWOZILAPPI on 09-09-2014 21:17:27
Running from C:\Users\wiewi_2\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
() C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\wiewi_2\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\program files (x86)\intel\bluetooth\btmshellex.dll",trayapp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Amazon Cloud Player] => C:\Users\wiewi_2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [DellSystemDetect] => C:\Users\wiewi_2\AppData\Local\Apps\2.0\6T098KXE.N9P\5BG4V21Z.OJC\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-08] (Dell)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {0938b0d5-7f1c-11e2-be65-806e6f6e6963} - "D:\FSetup.exe" 
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8b6a-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8bbe-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedbe8-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedc31-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedd1e-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {72622507-d0a6-11e3-bea4-6036ddbd3679} - "F:\.\Setup.exe" AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\Users\wiewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\wiewi\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\wiewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\wiewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
SearchScopes: HKLM - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388511968&from=vit&uid=ST1000LM024XHN-M101MBB_S2WZJ90CB85632B85632&q={searchTerms}
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm010^YY^de&si=CO6tkomoobcCFerHtAodK3wA3A&ptb=2275BE6C-A1D0-4937-8D17-6D7FBA46E2DB&ind=2013053000&n=77fcc048&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IObit.com/np_Asc_Plugin -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\user.js
FF SearchPlugin: C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\searchplugins\search-the-web.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml.moz-backup
FF Extension: Avira Browser Safety - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: Ads Removal - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\adremoveext@adremoveext.net [2014-09-09]
FF Extension: AccelerateTab - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\speeddial@instair.net [2014-09-09]
FF Extension: ImTranslator - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-27]
FF Extension: Gamers Unite! Snag Bar - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-09]
CHR Extension: (YouTube) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (AccelerateTab) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg [2014-09-09]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-02-03]
CHR Extension: (Domain Error Assistant) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-02-03]
CHR Extension: (Slick Savings) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-04-27] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-05-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-06] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 DxVGrb; C:\Windows\system32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-04-27] (Huawei Technologies Co., Ltd.)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-05-16] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-23] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 TDKLIB; No ImagePath
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 21:17 - 2014-09-09 21:18 - 00029722 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:16 - 2014-09-09 21:17 - 00000000 ____D () C:\FRST
2014-09-09 21:14 - 2014-09-09 21:14 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Downloads\Gmer-19357.exe
2014-09-09 21:07 - 2014-09-09 21:07 - 02105344 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Downloads\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-08 04:49 - 2014-09-08 04:49 - 00000592 _____ () C:\WINDOWS\PFRO.log
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 05:33 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-09-05 05:33 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:33 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:32 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 19:39 - 2014-09-03 20:10 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:39 - 2014-09-03 19:40 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:35 - 2014-09-03 19:36 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-09-03 19:23 - 2014-09-05 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-29 05:17 - 2014-08-29 05:17 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-28 18:40 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-09-08 21:01 - 00005190 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WiewiWoziLappi-Administrator WiewiWoziLappi
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 20:42 - 2014-08-27 22:57 - 00187951 _____ () C:\Users\Public\Documents\Stromkonto211213.ods
2014-08-27 18:55 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Public\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-22 18:05 - 2014-09-08 20:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS
2014-08-17 20:13 - 2014-08-17 20:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 20:06 - 2014-09-09 19:33 - 00005166 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WIEWIWOZILAPPI-wiewi_2 WiewiWoziLappi
2014-08-17 20:06 - 2014-08-17 20:06 - 00003112 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1712287575-707860769-2332151246-1007
2014-08-17 20:06 - 2014-08-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-17 19:58 - 2014-08-17 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 19:57 - 2014-08-27 05:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-17 19:55 - 2014-08-17 19:55 - 01038520 _____ (Microsoft Corporation) C:\Users\wiewi_2\Downloads\Setup.X86.de-DE_O365HomePremRetail_e70b3fb2-ae2c-4aa1-8b7a-2a158949a351_TX_DB_.exe
2014-08-17 04:05 - 2014-08-17 04:31 - 00000000 ____D () C:\Users\Administrator\Documents\GUILD WARS
2014-08-17 04:05 - 2014-08-17 04:05 - 00165248 _____ (ArenaNet) C:\Users\wiewi_2\Downloads\GwSetup.exe
2014-08-17 04:05 - 2014-08-17 04:05 - 00000000 ____D () C:\Program Files (x86)\GUILD WARS
2014-08-17 00:55 - 2014-08-17 00:55 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Guild Wars 2
2014-08-16 09:41 - 2014-08-16 16:58 - 00000000 __SHD () C:\System Recovery
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-16 08:03 - 2014-09-08 21:26 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Deployment
2014-08-16 08:03 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Apps\2.0
2014-08-16 08:01 - 2014-08-16 08:01 - 00417824 _____ () C:\Users\wiewi_2\Downloads\DellSystemDetect(1).exe
2014-08-14 23:00 - 2014-08-14 23:01 - 144390436 _____ () C:\Users\wiewi_2\Documents\wiewi61@t-online.de_20140814_230042.zip
2014-08-14 08:41 - 2014-08-14 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-08-14 08:37 - 2014-08-14 08:37 - 40820736 _____ () C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2014-08-14 08:37 - 2014-08-14 08:37 - 00000000 _____ () C:\asc_rdflag
2014-08-14 07:05 - 2014-08-02 02:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-14 07:05 - 2014-08-02 02:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 01:58 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 01:58 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 01:58 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 01:58 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 01:58 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 01:58 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 01:58 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 01:58 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 01:58 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 01:58 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 01:58 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 01:58 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 01:58 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 01:58 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 01:58 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 01:58 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 01:58 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 01:58 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 01:58 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 01:58 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 01:58 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 01:58 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 01:58 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 01:58 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 01:58 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 01:58 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 01:58 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 01:58 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 01:58 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 01:58 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 01:58 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 01:58 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 01:58 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 01:58 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 01:58 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 01:58 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 01:58 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 01:58 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 01:58 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 01:57 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 01:57 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 01:54 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-14 01:54 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-14 01:54 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 01:54 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 01:54 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 01:54 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 01:54 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 01:54 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 01:54 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 01:54 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-14 01:53 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 01:53 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 01:53 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 01:53 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 01:53 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 01:53 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 01:53 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 01:53 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 01:53 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 01:53 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 01:48 - 2014-08-14 01:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 01:48 - 2014-08-14 01:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 01:48 - 2014-08-14 01:48 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 01:48 - 2014-08-14 01:48 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-12 07:25 - 2014-08-12 07:25 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Thunderbird
2014-08-12 07:25 - 2014-08-12 07:25 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Thunderbird
2014-08-12 07:23 - 2014-08-12 07:23 - 00002164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-12 07:23 - 2014-08-12 07:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Thunderbird
2014-08-12 07:23 - 2014-08-12 07:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Thunderbird
2014-08-12 07:19 - 2014-08-12 07:19 - 01101648 _____ () C:\Users\wiewi_2\Downloads\Thunderbird - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 21:18 - 2014-09-09 21:17 - 00029722 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:17 - 2014-09-09 21:16 - 00000000 ____D () C:\FRST
2014-09-09 21:17 - 2013-11-01 19:20 - 01876763 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 21:14 - 2014-09-09 21:14 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:14 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2
2014-09-09 21:11 - 2013-11-05 00:11 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8ACA7EFE-FA35-404F-802E-24AB48E877EC}
2014-09-09 21:09 - 2013-09-23 17:09 - 00000322 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Downloads\Gmer-19357.exe
2014-09-09 21:07 - 2014-09-09 21:07 - 02105344 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Downloads\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-09 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-09 20:34 - 2013-12-15 17:34 - 00000348 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-09-09 20:29 - 2014-02-03 20:02 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 20:21 - 2014-02-11 06:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 20:21 - 2014-02-11 06:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-09 19:33 - 2014-08-17 20:06 - 00005166 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WIEWIWOZILAPPI-wiewi_2 WiewiWoziLappi
2014-09-09 18:02 - 2014-06-21 18:43 - 00000000 ___DO () C:\Users\wiewi_2\OneDrive
2014-09-09 18:01 - 2014-01-23 20:20 - 00165659 _____ () C:\MyXML.xml
2014-09-09 18:01 - 2013-02-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-09 17:53 - 2014-02-03 20:02 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 17:53 - 2014-01-23 20:11 - 00000330 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2014-09-09 17:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 04:49 - 2014-01-04 14:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-09 04:48 - 2013-12-28 11:13 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-08 21:28 - 2013-02-25 10:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-08 21:26 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Deployment
2014-09-08 21:19 - 2013-11-04 20:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712287575-707860769-2332151246-1007
2014-09-08 21:19 - 2013-11-01 19:26 - 00000000 ____D () C:\Users\Administrator
2014-09-08 21:07 - 2013-11-04 19:17 - 00003986 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D405FC3A-7A6D-4AF0-AF86-4518C8518313}
2014-09-08 21:01 - 2014-08-27 21:53 - 00005190 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WiewiWoziLappi-Administrator WiewiWoziLappi
2014-09-08 20:59 - 2014-01-23 02:47 - 00000136 _____ () C:\WINDOWS\ODBC.INI
2014-09-08 20:48 - 2014-08-22 18:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-08 04:58 - 2013-06-12 08:26 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712287575-707860769-2332151246-500
2014-09-08 04:49 - 2014-09-08 04:49 - 00000592 _____ () C:\WINDOWS\PFRO.log
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 23:18 - 2013-08-29 19:52 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-09-07 23:10 - 2014-07-17 02:58 - 00002275 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-07 23:10 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-07 12:50 - 2013-09-24 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-07 08:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 18:02 - 2014-09-03 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-05 05:33 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 05:32 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-05 05:12 - 2013-06-13 00:49 - 00000090 _____ () C:\WINDOWS\SysWOW64\BRAgent.dat
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 20:10 - 2014-09-03 19:39 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:40 - 2014-09-03 19:39 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:36 - 2014-09-03 19:35 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-08-31 17:55 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-31 17:55 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-31 17:55 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-31 17:54 - 2013-12-15 13:34 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\vlc
2014-08-29 05:17 - 2014-08-29 05:17 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-29 05:17 - 2013-12-25 17:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-29 05:17 - 2013-06-12 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-29 05:17 - 2013-06-12 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-29 05:09 - 2013-08-22 16:44 - 00520672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-29 05:08 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-27 23:03 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Packages
2014-08-27 22:57 - 2014-08-27 20:42 - 00187951 _____ () C:\Users\Public\Documents\Stromkonto211213.ods
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 18:47 - 2014-08-27 18:55 - 00052224 _____ () C:\Users\Public\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2013-06-16 14:14 - 00000000 ____D () C:\Users\Administrator\Documents\USB_Sticks
2014-08-27 05:06 - 2014-08-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 04:49 - 2014-02-18 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-26 21:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-26 21:29 - 2014-07-17 02:58 - 00000288 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job
2014-08-26 20:52 - 2013-02-25 10:10 - 00000000 ____D () C:\Temp
2014-08-24 17:28 - 2014-02-06 08:03 - 00030208 ___SH () C:\Users\wiewi_2\Desktop\Thumbs.db
2014-08-24 10:43 - 2014-01-12 16:06 - 00091648 ___SH () C:\Users\wiewi_2\Downloads\Thumbs.db
2014-08-23 02:42 - 2014-08-28 18:40 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS
2014-08-17 20:13 - 2014-08-17 20:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 20:06 - 2014-08-17 20:06 - 00003112 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1712287575-707860769-2332151246-1007
2014-08-17 20:06 - 2014-08-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-17 20:06 - 2013-02-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-17 20:01 - 2014-08-17 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 19:58 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\VirtualStore
2014-08-17 19:55 - 2014-08-17 19:55 - 01038520 _____ (Microsoft Corporation) C:\Users\wiewi_2\Downloads\Setup.X86.de-DE_O365HomePremRetail_e70b3fb2-ae2c-4aa1-8b7a-2a158949a351_TX_DB_.exe
2014-08-17 04:31 - 2014-08-17 04:05 - 00000000 ____D () C:\Users\Administrator\Documents\GUILD WARS
2014-08-17 04:05 - 2014-08-17 04:05 - 00165248 _____ (ArenaNet) C:\Users\wiewi_2\Downloads\GwSetup.exe
2014-08-17 04:05 - 2014-08-17 04:05 - 00000000 ____D () C:\Program Files (x86)\GUILD WARS
2014-08-17 00:55 - 2014-08-17 00:55 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Guild Wars 2
2014-08-16 16:58 - 2014-08-16 09:41 - 00000000 __SHD () C:\System Recovery
2014-08-16 16:58 - 2013-12-29 11:15 - 00000000 ____D () C:\ProgramData\softthinks
2014-08-16 09:28 - 2013-05-21 22:12 - 00000000 ____D () C:\Program Files\My Dell
2014-08-16 09:05 - 2013-06-12 08:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\PCDr
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-16 08:03 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Apps\2.0
2014-08-16 08:01 - 2014-08-16 08:01 - 00417824 _____ () C:\Users\wiewi_2\Downloads\DellSystemDetect(1).exe
2014-08-14 23:01 - 2014-08-14 23:00 - 144390436 _____ () C:\Users\wiewi_2\Documents\wiewi61@t-online.de_20140814_230042.zip
2014-08-14 21:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-14 08:41 - 2014-08-14 08:41 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-08-14 08:41 - 2014-07-17 03:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Assistant
2014-08-14 08:41 - 2013-10-04 19:33 - 00000000 ____D () C:\ProgramData\IObit
2014-08-14 08:37 - 2014-08-14 08:37 - 40820736 _____ () C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2014-08-14 08:37 - 2014-08-14 08:37 - 00000000 _____ () C:\asc_rdflag
2014-08-14 08:37 - 2014-02-08 04:59 - 74219520 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-08-14 08:37 - 2014-02-08 04:59 - 01019904 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-08-14 08:37 - 2014-02-08 04:59 - 00036864 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-08-14 08:37 - 2014-02-08 04:59 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-08-14 08:35 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 08:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 08:27 - 2013-06-12 08:37 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 08:17 - 2014-04-27 13:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ALDITALKVerbindungsassistent
2014-08-14 07:34 - 2013-11-07 19:53 - 00000000 ___RD () C:\Users\wiewi_2\Mediencenter
2014-08-14 07:10 - 2013-07-15 07:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 07:06 - 2013-05-08 17:24 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-14 07:05 - 2014-07-13 00:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-14 01:48 - 2014-08-14 01:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 01:48 - 2014-08-14 01:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 01:48 - 2014-08-14 01:48 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 01:48 - 2014-08-14 01:48 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 01:47 - 2014-08-14 01:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 01:47 - 2014-08-14 01:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-12 07:25 - 2014-08-12 07:25 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Thunderbird
2014-08-12 07:25 - 2014-08-12 07:25 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Thunderbird
2014-08-12 07:23 - 2014-08-12 07:23 - 00002164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-12 07:23 - 2014-08-12 07:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Thunderbird
2014-08-12 07:23 - 2014-08-12 07:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Thunderbird
2014-08-12 07:19 - 2014-08-12 07:19 - 01101648 _____ () C:\Users\wiewi_2\Downloads\Thunderbird - CHIP-Installer.exe
2014-08-10 10:52 - 2013-11-07 19:51 - 00001219 _____ () C:\Users\wiewi_2\Desktop\Mediencenter.lnk
2014-08-10 10:52 - 2013-11-07 19:51 - 00001205 _____ () C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\wiewi_2\AppData\Local\Temp\avgnt.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32au_gtba_chra_dy_aaa_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32_ltr5x64d_awc_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\wiewi_2\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 19:33

==================== End Of Log ============================

--- --- ---

-----------------------------------------------------------------------------------------
ADDITIONAL

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by wiewi_2 at 2014-09-09 21:19:22
Running from C:\Users\wiewi_2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Brother BRAdmin Light 1.23.0003 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.23.0003 - Brother)
Brother BRAgent 1.34.0001 (HKLM-x32\...\{9390DEE7-32CF-4A2E-A47B-30270D624AA1}) (Version: 1.34.0001 - Brother)
calibre (HKLM-x32\...\{8AD7B42A-01A4-44EA-98FA-4437712168FC}) (Version: 0.9.37 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.2 - IObit)
Easyweather Version 7.1 (HKLM-x32\...\{83C98CF2-952F-41EC-8702-D80490A59A2C}_is1) (Version: 7.1 - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Game Assistant (HKLM-x32\...\GameAssistant_is1) (Version: 1.0 - VTools)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.0 (x86 de)) (Version: 31.1.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NirSoft Network Password Recovery (HKLM-x32\...\NirSoft Network Password Recovery) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version:  - IObit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0  (HKLM-x32\...\{FC8756EE-E345-49FC-A861-23F559F633A6}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{56225BFD-5A94-41E4-A50D-2A8F9324347A}) (Version: 9.0 - Star Finanz GmbH)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
TOP Blu-ray to MP3 Converter 8.12.13 (HKLM-x32\...\TOP Blu-ray to MP3 Converter_is1) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WsWin V2.96.10 - 2012-01-07 (HKLM-x32\...\PC-Wetterstation_is1) (Version: 2.96.10 - Werner Krenn)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\wiewi_2\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1438BFA9-92B5-4E19-AE17-DF2A6A618B8E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-05-06] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2533619D-4BAD-4B2A-A536-88FEA2F02BB0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {29671858-C7C2-4EE0-86A9-FF5ED80B4262} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WIEWIWOZILAPPI-wiewi_2 WiewiWoziLappi => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3360A669-83F4-49BE-9918-687DDA49EE67} - System32\Tasks\ASC7_SkipUac_Administrator => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37D87894-3A21-4CE0-A37A-3C125AE19A4A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {415160F3-0D81-49C8-AA7A-456CA57C13CD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {416C99E5-0667-48CF-BDE4-27C0DFF41632} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: {45E17C30-CDEA-421A-AD54-9D2BFBA45667} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
Task: {4762F013-2DE8-4612-BB59-6FAB609CF3E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4D754EC6-20C9-450D-8208-8D9CD9847EB4} - System32\Tasks\UpdaterEX => C:\Users\wiewi\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {69C17A37-C978-4FC0-AB99-A12A0E0AF944} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {6A5D4CBF-C141-437B-82E4-1C58C71B4EA3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1712287575-707860769-2332151246-1007 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FD650AF-BBD5-4FEC-B715-B693A5EFD7D7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {728936D4-585C-4A30-AA46-2DF94A934210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A7104B50-8D3D-444A-AD27-68579535F632} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C66ABB29-628E-48C2-8CDC-7706E9ECDA3A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D2E11464-F476-40A8-BB64-1D120C9460D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {D5FE03B2-E347-4CE1-B1AB-4123CEC99159} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D90F5FBC-6690-4A75-B347-21F86D69DEBD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WiewiWoziLappi-Administrator WiewiWoziLappi => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCC08FD7-E0C4-43EA-A6B2-572B74B16AC5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E2E504B8-6903-4630-A6BD-0CC8831CE20B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF09DD38-ADED-42EA-88DB-7CD1D73714A2} - System32\Tasks\EPUpdater => C:\Users\wiewi\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {F2E0EFCB-1F03-4151-9AA8-90EE4A07E939} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {FC4F95C4-570B-48D4-A57B-1D9D7BE6561B} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {FCFD929E-6BEB-487E-8832-4D72E97FA7F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {FF114D2D-07CB-418B-8101-234190AE28A4} - System32\Tasks\FoxTab => C:\Users\ADMINI~1\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\ADMINI~1\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\wiewi\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-27 13:21 - 2014-04-27 13:38 - 00358968 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-08-27 05:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-25 10:04 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-13 00:49 - 2009-01-27 18:39 - 00086016 _____ () C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Downloads\Defogger.exe
2014-07-17 02:58 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-05-15 20:38 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll
2014-08-06 07:14 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-02-22 13:22 - 2013-12-09 17:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-02-22 13:22 - 2013-12-09 17:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-02-22 13:22 - 2013-12-09 17:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-10 00:15 - 2014-05-10 00:15 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\f95a84be655dce46534e2570f3b8bef6\PSIClient.ni.dll
2013-02-25 09:50 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-20 22:32 - 2013-11-21 22:00 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-22 04:05 - 2012-11-26 06:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-22 04:05 - 2012-11-26 06:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-22 13:22 - 2013-12-09 17:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2014-02-22 13:22 - 2013-12-09 17:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-08-17 19:57 - 2014-08-17 19:57 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-08-17 19:57 - 2014-08-17 20:01 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-06-10 18:01 - 2014-06-10 18:01 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst4C107639:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\wiewi\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\wiewi_2\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BTMTrayAgent => 
MSCONFIG\startupreg: NextLive => 
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
HKLM\...\StartupApproved\StartupFolder: => "honestech Audio Recorder 2.0 Deluxe Launcher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "FromDocToPDF Home Page Guard 64 bit"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF_65 Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FILSHtray"
HKCU\...\StartupApproved\StartupFolder: => "Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Mediencenter.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "PC Suite Tray"
HKCU\...\StartupApproved\Run: => "NokiaSuite.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 09:20:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x1be0
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/09/2014 09:20:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x594
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/09/2014 09:20:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:19:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x14f4
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/09/2014 09:19:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x4b8
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/09/2014 09:19:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x1b2c
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/09/2014 09:19:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()


System errors:
=============
Error: (09/09/2014 05:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/09/2014 05:56:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/09/2014 05:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SecureUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 05:54:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (09/09/2014 05:51:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2014 um 04:47:56 unerwartet heruntergefahren.

Error: (09/09/2014 04:51:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/09/2014 04:51:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/09/2014 04:50:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SecureUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 04:48:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (09/09/2014 04:47:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎09.‎2014 um 21:24:19 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (09/09/2014 09:20:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf8114001cfcc6313870d59C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dll513ac03e-3856-11e4-beb9-5cf9dd5b149d

Error: (09/09/2014 09:20:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:20:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf81be001cfcc631120ccc5C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dll4ed47fc0-3856-11e4-beb9-5cf9dd5b149d

Error: (09/09/2014 09:20:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf859401cfcc630eb9a628C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dll4c6d5940-3856-11e4-beb9-5cf9dd5b149d

Error: (09/09/2014 09:20:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:19:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf814f401cfcc630c527b5dC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dll4a0890b5-3856-11e4-beb9-5cf9dd5b149d

Error: (09/09/2014 09:19:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/09/2014 09:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf84b801cfcc6309eb54afC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dll479f07b2-3856-11e4-beb9-5cf9dd5b149d

Error: (09/09/2014 09:19:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()


CodeIntegrity Errors:
===================================
  Date: 2014-09-09 17:54:01.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-09 04:48:35.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-08 04:54:54.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 22:55:01.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-07 12:53:08.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-05 05:15:35.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 20:17:39.450
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 05:10:22.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 05:06:01.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-14 08:39:05.529
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8048.93 MB
Available physical RAM: 5460.48 MB
Total Pagefile: 16240.93 MB
Available Pagefile: 10310.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.01 GB) (Free:357.78 GB) NTFS
Drive d: (AVM FRITZ!Box) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
Drive e: (wiewi_wozi) (Removable) (Total:61.87 GB) (Free:7.11 GB) exFAT
Drive x: () (Fixed) (Total:0.34 GB) (Free:0.05 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:14.02 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D2203EA4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 61.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Bootsektor · 10.09.2014, 13:14

Hallo,

bitte mache nun folgendes

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

file: C:\Program Files\Windows Defender\MsMpEng.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

effizient61 · 10.09.2014, 18:57

Hallo Sandra,

beim Ausführen von FRST gab es eine Fehlermeldung. (wurde kurz vorher auf eine neuere Version upgegradet)

siehe hier:

Code:

ATTFilter

Exception EAccessVioIation in module ERLINT.exe at DDD03A38. 
Access violation at address DC403A38 in module 'ERLINT.exe'. Read of 
address D076D05D.

Code:

ATTFilter

Error 
Runtime error 216 at DDD02EOC

ich habe es ignoriert

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by wiewi_2 at 2014-09-10 19:00:49 Run:1
Running from C:\Users\wiewi_2\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
file: C:\Program Files\Windows Defender\MsMpEng.exe
*****************


========================= file: C:\Program Files\Windows Defender\MsMpEng.exe ========================

MD5: ED70EDCC4107F3727973C312E0049BD5
Creation and modification date: 2014-05-14 04:43 - 2014-03-24 04:31
Size: 0023824
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: MsMpEng.exe
Original Name: MsMpEng.exe
Product Name: Microsoft Malware Protection
Description: Antimalware Service Executable
File Version: 4.5.0218.0
Product Version: 4.5.0218.0
Copyright: © Microsoft Corporation.  All rights reserved.

====== End Of File: ======


==== End of Fixlog ====

und Teil Nr 2

Der TDSS-File ist minimal zu gross, soll ich hochladen ?

ansonsten hier:

https://onedrive.live.com/redir?resid=AB517F062DA645EA!2765&authkey=!AM75wRrA7oVYU4A&ithint=folder%2ctxt

Ich hoffe, ich mache alles richtig ?

Lg
effizient

Bootsektor · 10.09.2014, 23:55

Hallo,

ja, alles gut

Soweit ist in den Logs nicht viel zu sehen. Ein bißchen Adware. Du schriebst, dass du den Rechner eh neu machen möchtest (heißt das für dich formatieren und alles neu? ), dann lohnt sich das eigentlich nicht das zu entfernen. Wir könnten noch einen sehr ausgiebigen Scan mit ESET machen, um zu schauen ob wir noch was finden.

Ich poste dir die weiteren Schritte und du entscheidest dann, was du möchtest.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

effizient61 · 11.09.2014, 22:15

Hallo Sandra,

so, es geht los..Ich war fleissig. was für ein Datenmüll rauskommt, erstaunlich.
Ob ich den Rechner kpl. neu aufbaue, weiss ich noch nicht so genau, wenn dann erst im tiefsten Winter, sofern wir einen bekommen.

1. Adw-Cleaner

Code:

ATTFilter

# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 19:23:40
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : wiewi_2 - WIEWIWOZILAPPI
# Gestartet von : C:\Users\wiewi_2\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SecureUpdateSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\Secure Speed Dial
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\iac
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Administrator\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\wangzhisong\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\wiewi\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\FCTB
Ordner Gelöscht : C:\Users\wiewi\AppData\Roaming\Mozilla\Firefox\Profiles\1han2dda.default\Extensions\staged\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\speeddial@instair.net
Ordner Gelöscht : C:\Users\wiewi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Ordner Gelöscht : C:\Users\wiewi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Ordner Gelöscht : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Administrator\daemonprocess.txt
Datei Gelöscht : C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\searchplugins\search-the-web.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\g5abcfgy.default-1390417107882\user.js
Datei Gelöscht : C:\Users\wiewi\AppData\Roaming\Mozilla\Firefox\Profiles\1han2dda.default\user.js
Datei Gelöscht : C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\user.js
Datei Gelöscht : C:\Users\wiewi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : Driver Booster Scan
Task Gelöscht : Driver Booster Update
Task Gelöscht : EPUpdater
Task Gelöscht : FoxTab
Task Gelöscht : UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\aartemisSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\g5abcfgy.default-1390417107882\prefs.js ]


[ Datei : C:\Users\wiewi\AppData\Roaming\Mozilla\Firefox\Profiles\1han2dda.default\prefs.js ]


[ Datei : C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\prefs.js ]

Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.2808538.KeywordHistory", "");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 10);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 10);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1410278543144");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "www.google.de");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", true);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "286E49F50024F9093938AEEABD850B656A2DC4C87A0C218F717B826DF9BB77D66DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "85141614");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "12da35adb4ad678239fb3ebd8db3bc46fbf68095");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
Zeile gelöscht : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", true);

-\\ Google Chrome v

[ Datei : C:\Users\wiewi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=46F26036DDBD3676&affID=119357&tt=160913_c1&tsp=5014
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : ieadcoanfjloocmfafkebdnfefmohngj
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ Datei : C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Gelöscht [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Gelöscht [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Gelöscht [Extension] : pfndaklgolladniicklehhancnlgocpp
Gelöscht [Extension] : glmfgahfleepmdfffonfckpmkondpdkg

*************************

AdwCleaner[R0].txt - [15877 octets] - [11/09/2014 19:22:17]
AdwCleaner[S0].txt - [14229 octets] - [11/09/2014 19:23:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14290 octets] ##########

-----------------------------------------------------------------------------------------
So...jetzt MBAM

-----------------------------------------------------------------------------------------

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.09.2014
Suchlauf-Zeit: 19:44:12
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.11.06
Rootkit Datenbank: v2014.09.10.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: wiewi_2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 466953
Verstrichene Zeit: 13 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

-----------------------------------------------------------------------------------------
und ESET passt nicht mehr..poste ich morgen
-----------------------------------------------------------------------------------------

Bootsektor · 11.09.2014, 22:17

Alles klar

Bis morgen.

effizient61 · 14.09.2014, 08:26

Huhu, so hat ein bischen länger gedauert, habe jetzt auch noch HW-Probleme, Rechner wird zu heiss, und schaltet dann sofort und mittendrin aus :-(, Dell-Service ist angefordert.

jetzt aber der letzte Log File

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=28bc5d6ec953ec489b30c5e925ed60ad
# engine=20112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-11 08:50:15
# local_time=2014-09-11 10:50:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 11811 275891905 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10103685 35349908 0 0
# scanned=357272
# found=22
# cleaned=0
# scan_time=7392
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\genienext\nengine.dll.vir"
sh=E075096D25B65981B61BA64BD595310C95BEA7B2 ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir"
sh=460FAB593C52A20FF1C135BCB9045359E8D08DA4 ft=1 fh=7d490d691a4e705b vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=A0FD1396ED2D7B79BDFB9AF24FD98AC701632E07 ft=1 fh=32cb4b5a2245d585 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=B3E9B985A45EF896577466209FC1FDEDB066EB70 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\wiewi\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=5353C2021C1DB25B027D5E97680131AC9CB2C43D ft=1 fh=a62584fabc5db667 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=69ED55634A2A663A7EB6387A8BE7C2E228BBA0A3 ft=1 fh=d6c4398625351359 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\IObit\Advanced SystemCare 7\driver-booster-setup.exe"
sh=4B898B05DB9E603FDA67FCEA700DB6773CC9402C ft=1 fh=acfae6a1968281b8 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\IObit\Advanced SystemCare 7\unlocker-setup.exe"
sh=233F1C3AD7A29D83DD801D21A7DCE44B0DD5CD33 ft=1 fh=3b4842aa11a44987 vn="Win32/Toolbar.Widgi.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\IObit\Smart Defrag 2\smartdefrag3-free.exe"
sh=580B85C50C36B4F1CFD9A9BB671E290ADDFE4720 ft=1 fh=0b4e6b0fccc6cfd1 vn="Win32/Toolbar.Widgi.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\IObit\Smart Defrag 3\SDUpgrate.exe"
sh=BE646C6CFF817AEF33DD0BCBB9B549D4D1406491 ft=1 fh=ee37cf4e4ca74df9 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe"
sh=B4B3FC21BD2C6DD54417E7F8C50F8C8561CEA7B4 ft=1 fh=4b872402019d2224 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Documents\Laptop_dell\Uwe\Downloads\registrybooster.exe"
sh=70BF0E2E4AC086276FB5D6FDB5DE8A6A3D6A8E5C ft=1 fh=da732fd67ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Documents\Laptop_dell\Uwe\Downloads\SoftonicDownloader_fuer_tvuplayer.exe"
sh=70BF0E2E4AC086276FB5D6FDB5DE8A6A3D6A8E5C ft=1 fh=da732fd67ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Documents\Laptop_dell\Uwe\Downloads\SoftonicDownloader_fuer_tvuplayer_000.exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Downloads\asc-setup_6pro.exe"
sh=BE646C6CFF817AEF33DD0BCBB9B549D4D1406491 ft=1 fh=ee37cf4e4ca74df9 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe"
sh=2B45417F54BF7AFC6B33DE95BE7D8A2A6DCE41DD ft=1 fh=f1a18365dee0181f vn="Win32/Conduit.SearchProtect.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\wiewi_2\Downloads\FreeVideoToMP3Converter_5-0-32-1219.exe"

eigentlich sollte der Rechner frei sein, oder ?

muss ich das gleiche jetzt auch für den anderen Anwender durchziehen ? Ich habe 2 User mit Adminrechten auf diesem Lapptop angemeldet ?

noch einen schönen Sonntag,

lg Skygge

Bootsektor · 14.09.2014, 23:21

Hallo Skygge,

nein brauchst du nicht vor jeden User einzeln machen, ist schon geschehen

Eset hat auch nur Adwarekrams gefunden

Du solltest dir überlegen, ob du die Sachen von IO-Bit wirklich nutzen willst, ich würd die entfernen

Pass mit Registrycleanern auf, die können dir das ganze System zerschiessen und lad nichts von softonic herunter, generell downloads von Programmen immer von der Herstellerseite

Schritt 1
Bitte deinstalliere folgende Programme:
Java 7 Update 45
Dazu drücke auf:
Windowstaste und X
dann:
Programme und Funktionen --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Ich brauche noch einen letzen Scan mit FRST und abschließend aufräumen zu können
Schritt 2
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

effizient61 · 15.09.2014, 22:23

Hallo Sandra,
einiges habe ich jetzt bereits deinstalliert, hier dein gewünschter FRST-file

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by wiewi_2 (ATTENTION: The logged in user is not administrator) on WIEWIWOZILAPPI on 15-09-2014 23:10:36
Running from C:\Users\wiewi_2\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell) C:\Users\wiewi_2\AppData\Local\Apps\2.0\6T098KXE.N9P\5BG4V21Z.OJC\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\program files (x86)\intel\bluetooth\btmshellex.dll",trayapp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe [491120 2012-07-04] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Amazon Cloud Player] => c:\users\wiewi_2\appdata\local\amazon cloud player\amazon music helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [PC Suite Tray] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [DellSystemDetect] => C:\Users\wiewi_2\AppData\Local\Apps\2.0\6T098KXE.N9P\5BG4V21Z.OJC\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-08] (Dell)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8b6a-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8bbe-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedbe8-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedc31-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedd1e-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {72622507-d0a6-11e3-bea4-6036ddbd3679} - "F:\.\Setup.exe" AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: Ads Removal - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\adremoveext@adremoveext.net [2014-09-09]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\ascsurfingprotection@iobit.com [2014-09-10]
FF Extension: ImTranslator - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-27]
FF Extension: Gamers Unite! Snag Bar - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-09]
CHR Extension: (YouTube) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Ads Removal) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-09-12]
CHR Extension: (Google Wallet) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-04-27] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-05-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-06] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 DxVGrb; C:\Windows\system32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-04-27] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-05-16] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-23] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
S3 TDKLIB; No ImagePath
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-15 23:10 - 2014-09-15 23:10 - 00020593 _____ () C:\Users\wiewi_2\Desktop\FRST.txt
2014-09-15 23:07 - 2014-09-15 23:08 - 00013002 _____ () C:\Users\wiewi_2\Desktop\Addition.txt
2014-09-15 22:39 - 2014-09-15 22:40 - 00014850 _____ () C:\WINDOWS\DPINST.LOG
2014-09-14 18:53 - 2014-09-14 18:53 - 00000156 _____ () C:\WINDOWS\setupact.log
2014-09-14 18:53 - 2014-09-14 18:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-14 06:51 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 06:51 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 06:51 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 06:51 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 06:51 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 06:51 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 06:51 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 06:51 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 06:51 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 06:51 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 06:51 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 06:50 - 2014-07-24 17:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 06:50 - 2014-07-24 17:28 - 00419648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 06:50 - 2014-07-24 17:28 - 00412992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 06:50 - 2014-07-24 17:28 - 00143680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 06:50 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 06:50 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 06:50 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 06:50 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 06:50 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 06:50 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 06:50 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 06:50 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 06:50 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 06:50 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 06:50 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 06:50 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 06:50 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 06:50 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 06:50 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 06:50 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 06:50 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 06:50 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 06:50 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 06:50 - 2014-07-24 13:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 06:50 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 06:50 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 01200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 06:50 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 06:50 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 06:50 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 06:50 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 06:50 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 06:50 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 06:50 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 06:50 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 06:50 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 06:50 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 06:50 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 06:50 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 06:50 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 06:50 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 06:50 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 06:50 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 06:50 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 06:50 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 06:50 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 06:50 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 06:50 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 06:50 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 06:50 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 06:50 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 06:50 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 06:50 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 06:50 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 06:50 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 06:50 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 06:50 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 06:50 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 06:50 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 06:50 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 06:50 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 06:50 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 06:50 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 06:50 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 06:50 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 06:50 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 06:50 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 06:50 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 06:50 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 06:50 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 06:50 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 06:50 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 06:50 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 06:50 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 06:50 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 06:50 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 06:50 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 06:50 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 06:50 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 06:50 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 06:50 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 06:50 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 06:50 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 06:50 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 06:50 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 06:50 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 06:50 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 06:50 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 06:50 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 06:50 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 06:50 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 06:50 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 06:50 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 06:50 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 06:50 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 06:50 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 06:50 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 06:50 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 06:50 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 06:50 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 06:50 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 06:50 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 06:50 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 06:50 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 06:50 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 06:50 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 06:50 - 2014-06-19 04:13 - 00310080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 06:50 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 06:50 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 06:50 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 06:50 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 06:50 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 06:50 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 06:50 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 06:50 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 06:50 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 06:50 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 06:50 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 06:50 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 06:50 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 06:50 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 06:50 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 06:50 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 06:49 - 2014-07-24 17:28 - 00280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 06:49 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 06:49 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 06:49 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 06:49 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 06:49 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 06:49 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 06:49 - 2014-07-24 13:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-09-14 06:49 - 2014-07-24 13:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 06:49 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 06:49 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 06:49 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 06:49 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 06:49 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 06:49 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 06:49 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 06:49 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 06:49 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 06:49 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 06:49 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 06:49 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 06:49 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 06:49 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 06:49 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 06:49 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 06:49 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 06:49 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 06:49 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 06:49 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 06:49 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 06:49 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 06:49 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 06:49 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 06:49 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 06:49 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 06:49 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 06:49 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 06:49 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 06:49 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 06:49 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 06:49 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 06:49 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 06:49 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 06:49 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 06:49 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 06:49 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 06:49 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 06:49 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 06:49 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 06:49 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 06:49 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 06:49 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 06:49 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 06:49 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 06:49 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 06:49 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 06:49 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 06:49 - 2014-07-10 01:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 06:49 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 06:49 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 06:49 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 06:49 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 06:49 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 06:49 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 06:49 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 06:49 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 06:49 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 06:43 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 20:41 - 2014-09-11 20:42 - 02347384 _____ (ESET) C:\Users\wiewi_2\Desktop\esetsmartinstaller_deu.exe
2014-09-11 20:01 - 2014-09-11 20:01 - 00001146 _____ () C:\Users\wiewi_2\Desktop\mbam.txt
2014-09-11 19:41 - 2014-09-14 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 19:41 - 2014-09-11 19:41 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-11 19:41 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-11 19:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-11 19:40 - 2014-09-11 19:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\wiewi_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-11 19:29 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-11 19:29 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 19:21 - 2014-09-11 23:36 - 00000000 ____D () C:\AdwCleaner
2014-09-11 19:19 - 2014-09-11 19:19 - 01370483 _____ () C:\Users\wiewi_2\Desktop\adwcleaner_3.309.exe
2014-09-11 06:03 - 2014-09-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 06:03 - 2014-09-11 06:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 06:03 - 2014-09-11 06:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 06:02 - 2014-09-11 06:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 06:02 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 06:02 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 06:02 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 06:02 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 06:02 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 06:02 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 06:02 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 06:02 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 06:02 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 06:02 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 06:02 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 06:02 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 06:02 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 06:02 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 06:02 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 06:02 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 06:02 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 06:02 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 06:02 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 06:02 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 06:02 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 06:02 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 06:02 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 06:02 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 06:02 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 06:02 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 06:02 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 06:02 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 06:02 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 06:02 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 06:02 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 06:02 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 05:00 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 05:00 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 05:00 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 05:00 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 04:59 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 04:59 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 23:01 - 2014-09-11 19:23 - 00000276 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job
2014-09-10 23:01 - 2014-09-10 23:02 - 00002275 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-10 23:01 - 2014-09-10 23:01 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Apple Computer
2014-09-10 20:06 - 2014-09-10 20:06 - 00048681 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-10 19:50 - 2014-09-10 19:50 - 01110476 _____ () C:\Users\wiewi_2\Desktop\7z920.exe
2014-09-10 19:46 - 2014-09-10 19:46 - 00124307 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.txt
2014-09-10 19:16 - 2014-09-10 19:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wiewi_2\Desktop\tdsskiller.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 00000000 ____D () C:\Users\wiewi_2\Desktop\FRST-OlderVersion
2014-09-10 05:03 - 2014-09-10 05:03 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 21:45 - 2014-09-09 21:45 - 00000476 _____ () C:\Users\wiewi_2\Desktop\defogger_disable.log
2014-09-09 21:19 - 2014-09-09 21:20 - 00050675 _____ () C:\Users\wiewi_2\Downloads\Addition.txt
2014-09-09 21:17 - 2014-09-09 21:20 - 00062083 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:16 - 2014-09-15 23:10 - 00000000 ____D () C:\FRST
2014-09-09 21:14 - 2014-09-09 21:34 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Desktop\Gmer-19357.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Desktop\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-08 04:49 - 2014-09-15 22:56 - 00018524 _____ () C:\WINDOWS\PFRO.log
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 05:33 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-09-05 05:33 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:33 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:32 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 19:39 - 2014-09-03 20:10 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:39 - 2014-09-03 19:40 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:35 - 2014-09-03 19:36 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-09-03 19:23 - 2014-09-05 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-28 18:40 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 20:42 - 2014-08-27 22:57 - 00187951 _____ () C:\Users\Public\Documents\Stromkonto211213.ods
2014-08-27 18:55 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Public\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-22 18:05 - 2014-09-08 20:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS
2014-08-17 20:13 - 2014-08-17 20:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 20:06 - 2014-08-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-17 19:58 - 2014-08-17 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 19:57 - 2014-08-27 05:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-17 19:55 - 2014-08-17 19:55 - 01038520 _____ (Microsoft Corporation) C:\Users\wiewi_2\Downloads\Setup.X86.de-DE_O365HomePremRetail_e70b3fb2-ae2c-4aa1-8b7a-2a158949a351_TX_DB_.exe
2014-08-17 04:05 - 2014-08-17 04:31 - 00000000 ____D () C:\Users\Administrator\Documents\GUILD WARS
2014-08-17 04:05 - 2014-08-17 04:05 - 00165248 _____ (ArenaNet) C:\Users\wiewi_2\Downloads\GwSetup.exe
2014-08-17 04:05 - 2014-08-17 04:05 - 00000000 ____D () C:\Program Files (x86)\GUILD WARS
2014-08-17 00:55 - 2014-08-17 00:55 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Guild Wars 2
2014-08-16 09:41 - 2014-08-16 16:58 - 00000000 __SHD () C:\System Recovery
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-16 08:03 - 2014-09-08 21:26 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Deployment
2014-08-16 08:03 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Apps\2.0
2014-08-16 08:01 - 2014-08-16 08:01 - 00417824 _____ () C:\Users\wiewi_2\Downloads\DellSystemDetect(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-15 23:10 - 2014-09-15 23:10 - 00020593 _____ () C:\Users\wiewi_2\Desktop\FRST.txt
2014-09-15 23:10 - 2014-09-09 21:16 - 00000000 ____D () C:\FRST
2014-09-15 23:08 - 2014-09-15 23:07 - 00013002 _____ () C:\Users\wiewi_2\Desktop\Addition.txt
2014-09-15 23:02 - 2013-11-01 19:20 - 01886590 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-15 23:01 - 2014-06-21 18:43 - 00000000 ___DO () C:\Users\wiewi_2\OneDrive
2014-09-15 23:01 - 2013-02-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-15 23:00 - 2014-02-03 20:02 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 22:56 - 2014-09-08 04:49 - 00018524 _____ () C:\WINDOWS\PFRO.log
2014-09-15 22:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-15 22:55 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2
2014-09-15 22:42 - 2014-04-27 14:55 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-15 22:40 - 2014-09-15 22:39 - 00014850 _____ () C:\WINDOWS\DPINST.LOG
2014-09-15 22:40 - 2013-10-04 19:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-15 22:39 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nokia
2014-09-15 22:39 - 2014-04-27 18:52 - 00000000 ____D () C:\ProgramData\Installations
2014-09-15 22:39 - 2013-11-04 18:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-09-15 22:36 - 2014-01-23 20:20 - 00165659 _____ () C:\MyXML.xml
2014-09-15 22:35 - 2013-07-31 14:56 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-09-15 22:32 - 2013-11-01 19:26 - 00000000 ____D () C:\Users\Administrator
2014-09-15 22:31 - 2013-02-25 09:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-15 22:29 - 2014-02-03 20:02 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 22:22 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 22:22 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-15 22:22 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-15 22:21 - 2014-02-11 06:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-15 17:09 - 2014-01-04 14:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-14 23:47 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-14 23:38 - 2013-08-22 16:44 - 00520672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-14 18:56 - 2014-09-11 19:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:53 - 2014-09-14 18:53 - 00000156 _____ () C:\WINDOWS\setupact.log
2014-09-14 18:53 - 2014-09-14 18:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-14 14:54 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-14 14:54 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 14:54 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 14:53 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-14 14:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-14 13:59 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-14 06:26 - 2013-09-24 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 21:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 14:59 - 2014-02-18 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 14:59 - 2013-09-24 19:53 - 00001219 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-13 14:59 - 2013-09-24 19:53 - 00001207 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-11 23:36 - 2014-09-11 19:21 - 00000000 ____D () C:\AdwCleaner
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 20:42 - 2014-09-11 20:41 - 02347384 _____ (ESET) C:\Users\wiewi_2\Desktop\esetsmartinstaller_deu.exe
2014-09-11 20:01 - 2014-09-11 20:01 - 00001146 _____ () C:\Users\wiewi_2\Desktop\mbam.txt
2014-09-11 19:41 - 2014-09-11 19:41 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 19:40 - 2014-09-11 19:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\wiewi_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-11 19:25 - 2014-07-13 00:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 19:23 - 2014-09-10 23:01 - 00000276 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job
2014-09-11 19:19 - 2014-09-11 19:19 - 01370483 _____ () C:\Users\wiewi_2\Desktop\adwcleaner_3.309.exe
2014-09-11 06:03 - 2014-09-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 06:03 - 2014-09-11 06:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 06:03 - 2014-09-11 06:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 06:02 - 2014-09-11 06:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 06:02 - 2013-07-15 07:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 05:56 - 2013-05-08 17:24 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 23:04 - 2014-05-22 21:33 - 00000000 ____D () C:\Users\wiewi_2\Downloads\html
2014-09-10 23:04 - 2013-11-07 20:15 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\IObit
2014-09-10 23:04 - 2013-10-04 19:33 - 00000000 ____D () C:\ProgramData\IObit
2014-09-10 23:02 - 2014-09-10 23:01 - 00002275 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-10 23:01 - 2014-09-10 23:01 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Apple Computer
2014-09-10 23:01 - 2014-01-04 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-10 20:06 - 2014-09-10 20:06 - 00048681 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-10 19:50 - 2014-09-10 19:50 - 01110476 _____ () C:\Users\wiewi_2\Desktop\7z920.exe
2014-09-10 19:46 - 2014-09-10 19:46 - 00124307 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.txt
2014-09-10 19:16 - 2014-09-10 19:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wiewi_2\Desktop\tdsskiller.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 00000000 ____D () C:\Users\wiewi_2\Desktop\FRST-OlderVersion
2014-09-10 05:03 - 2014-09-10 05:03 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 05:03 - 2013-12-25 17:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 05:03 - 2013-06-12 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 05:03 - 2013-06-12 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 21:45 - 2014-09-09 21:45 - 00000476 _____ () C:\Users\wiewi_2\Desktop\defogger_disable.log
2014-09-09 21:34 - 2014-09-09 21:14 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:20 - 2014-09-09 21:19 - 00050675 _____ () C:\Users\wiewi_2\Downloads\Addition.txt
2014-09-09 21:20 - 2014-09-09 21:17 - 00062083 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Desktop\Gmer-19357.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Desktop\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-09 04:48 - 2013-12-28 11:13 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-08 21:28 - 2013-02-25 10:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-08 21:26 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Deployment
2014-09-08 20:59 - 2014-01-23 02:47 - 00000136 _____ () C:\WINDOWS\ODBC.INI
2014-09-08 20:48 - 2014-08-22 18:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 23:18 - 2013-08-29 19:52 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 18:02 - 2014-09-03 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-05 05:33 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 05:32 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-05 05:12 - 2013-06-13 00:49 - 00000090 _____ () C:\WINDOWS\SysWOW64\BRAgent.dat
2014-09-05 04:36 - 2014-09-11 05:00 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-05 04:31 - 2014-09-11 05:00 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-05 02:48 - 2014-09-11 05:00 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 20:10 - 2014-09-03 19:39 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:40 - 2014-09-03 19:39 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:36 - 2014-09-03 19:35 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-09-02 22:06 - 2014-09-11 19:29 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2014-09-11 19:29 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 17:54 - 2013-12-15 13:34 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\vlc
2014-08-27 23:03 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Packages
2014-08-27 22:57 - 2014-08-27 20:42 - 00187951 _____ () C:\Users\Public\Documents\Stromkonto211213.ods
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 18:47 - 2014-08-27 18:55 - 00052224 _____ () C:\Users\Public\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2013-06-16 14:14 - 00000000 ____D () C:\Users\Administrator\Documents\USB_Sticks
2014-08-27 05:06 - 2014-08-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 21:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-26 21:29 - 2014-07-17 02:58 - 00000288 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job
2014-08-26 20:52 - 2013-02-25 10:10 - 00000000 ____D () C:\Temp
2014-08-24 17:28 - 2014-02-06 08:03 - 00030208 ___SH () C:\Users\wiewi_2\Desktop\Thumbs.db
2014-08-24 10:43 - 2014-01-12 16:06 - 00091648 ___SH () C:\Users\wiewi_2\Downloads\Thumbs.db
2014-08-23 09:48 - 2014-09-14 06:51 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-08-23 09:13 - 2014-09-14 06:51 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-08-23 08:10 - 2014-09-14 06:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-23 07:32 - 2014-09-14 06:51 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-23 06:44 - 2014-09-14 06:51 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 06:34 - 2014-09-14 06:51 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-23 06:33 - 2014-09-14 06:51 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-08-23 06:31 - 2014-09-14 06:51 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 06:20 - 2014-09-14 06:51 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-23 02:42 - 2014-08-28 18:40 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS
2014-08-17 20:13 - 2014-08-17 20:13 - 00000000 __RHD () C:\MSOCache
2014-08-17 20:06 - 2014-08-17 20:06 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-17 20:06 - 2013-02-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-17 20:01 - 2014-08-17 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 19:58 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\VirtualStore
2014-08-17 19:55 - 2014-08-17 19:55 - 01038520 _____ (Microsoft Corporation) C:\Users\wiewi_2\Downloads\Setup.X86.de-DE_O365HomePremRetail_e70b3fb2-ae2c-4aa1-8b7a-2a158949a351_TX_DB_.exe
2014-08-17 04:31 - 2014-08-17 04:05 - 00000000 ____D () C:\Users\Administrator\Documents\GUILD WARS
2014-08-17 04:05 - 2014-08-17 04:05 - 00165248 _____ (ArenaNet) C:\Users\wiewi_2\Downloads\GwSetup.exe
2014-08-17 04:05 - 2014-08-17 04:05 - 00000000 ____D () C:\Program Files (x86)\GUILD WARS
2014-08-17 00:55 - 2014-08-17 00:55 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Guild Wars 2
2014-08-16 16:58 - 2014-08-16 09:41 - 00000000 __SHD () C:\System Recovery
2014-08-16 16:58 - 2013-12-29 11:15 - 00000000 ____D () C:\ProgramData\softthinks
2014-08-16 09:28 - 2013-05-21 22:12 - 00000000 ____D () C:\Program Files\My Dell
2014-08-16 09:05 - 2013-06-12 08:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\PCDr
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-08-16 08:03 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Apps\2.0
2014-08-16 08:01 - 2014-08-16 08:01 - 00417824 _____ () C:\Users\wiewi_2\Downloads\DellSystemDetect(1).exe
2014-08-16 04:40 - 2014-09-11 06:02 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-16 04:04 - 2014-09-11 06:02 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-16 04:00 - 2014-09-11 06:02 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-16 04:00 - 2014-09-11 06:02 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-16 03:56 - 2014-09-11 06:02 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-16 03:54 - 2014-09-11 06:02 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-16 03:45 - 2014-09-11 06:02 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-16 03:43 - 2014-09-11 06:02 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-16 03:32 - 2014-09-11 06:02 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-16 03:25 - 2014-09-11 06:02 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-16 03:22 - 2014-09-11 06:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-16 03:20 - 2014-09-11 06:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-16 03:19 - 2014-09-11 06:02 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-16 03:18 - 2014-09-11 06:02 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-16 03:18 - 2014-09-11 06:02 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-16 03:11 - 2014-09-11 06:02 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-16 03:06 - 2014-09-11 06:02 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-16 03:05 - 2014-09-11 06:02 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-16 03:05 - 2014-09-11 06:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-16 03:03 - 2014-09-11 06:02 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-16 03:03 - 2014-09-11 06:02 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-16 02:58 - 2014-09-11 06:02 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 02:56 - 2014-09-11 06:02 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 02:53 - 2014-09-11 06:02 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 02:53 - 2014-09-11 06:02 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 02:53 - 2014-09-11 06:02 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 02:51 - 2014-09-11 06:02 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 02:45 - 2014-09-11 06:02 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 02:44 - 2014-09-11 06:02 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 02:44 - 2014-09-11 06:02 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 02:34 - 2014-09-11 06:02 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 02:20 - 2014-09-11 06:02 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 02:18 - 2014-09-11 06:02 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 02:14 - 2014-09-11 06:02 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 02:12 - 2014-09-11 06:02 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\wiewi_2\AppData\Local\Temp\avgnt.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32au_gtba_chra_dy_aaa_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32_ltr5x64d_awc_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\wiewi_2\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\wiewi_2\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

additional kommt morgen, passt nicht..

cu Skygge

effizient61 · 15.09.2014, 22:26

oder Ich hänge ihn jetzt hier ran .....

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by wiewi_2 at 2014-09-15 23:10:58
Running from C:\Users\wiewi_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Brother BRAdmin Light 1.23.0003 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.23.0003 - Brother)
Brother BRAgent 1.34.0001 (HKLM-x32\...\{9390DEE7-32CF-4A2E-A47B-30270D624AA1}) (Version: 1.34.0001 - Brother)
calibre (HKLM-x32\...\{8AD7B42A-01A4-44EA-98FA-4437712168FC}) (Version: 0.9.37 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Easyweather Version 7.1 (HKLM-x32\...\{83C98CF2-952F-41EC-8702-D80490A59A2C}_is1) (Version: 7.1 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 31.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.0 (x86 de)) (Version: 31.1.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version:  - IObit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{56225BFD-5A94-41E4-A50D-2A8F9324347A}) (Version: 9.0 - Star Finanz GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
TOP Blu-ray to MP3 Converter 8.12.13 (HKLM-x32\...\TOP Blu-ray to MP3 Converter_is1) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\wiewi_2\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst4C107639:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\wiewi_2\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Amazon Cloud Player => 
MSCONFIG\startupreg: BTMTrayAgent => 
MSCONFIG\startupreg: CLVirtualDrive => 
MSCONFIG\startupreg: DellSystemDetect => 
MSCONFIG\startupreg: NextLive => 
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
HKLM\...\StartupApproved\StartupFolder: => "honestech Audio Recorder 2.0 Deluxe Launcher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "FromDocToPDF Home Page Guard 64 bit"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF_65 Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FILSHtray"
HKCU\...\StartupApproved\StartupFolder: => "Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Mediencenter.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "PC Suite Tray"
HKCU\...\StartupApproved\Run: => "NokiaSuite.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 11:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 10.9.2014.0, Zeitstempel: 0x5410306f
Name des fehlerhaften Moduls: FRST64.exe, Version: 10.9.2014.0, Zeitstempel: 0x5410306f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000247c9
ID des fehlerhaften Prozesses: 0x133c
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (09/15/2014 05:15:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20605 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fc0

Startzeit: 01cfd0f6ea24525b

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 14670ccb-3ceb-11e4-bec6-5cf9dd5b149d

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/15/2014 05:03:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AutoUpdate.exe, Version: 1.0.0.184, Zeitstempel: 0x5178bf2a
Name des fehlerhaften Moduls: AutoUpdate.exe, Version: 1.0.0.184, Zeitstempel: 0x5178bf2a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00054259
ID des fehlerhaften Prozesses: 0xb38
Startzeit der fehlerhaften Anwendung: 0xAutoUpdate.exe0
Pfad der fehlerhaften Anwendung: AutoUpdate.exe1
Pfad des fehlerhaften Moduls: AutoUpdate.exe2
Berichtskennung: AutoUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: AutoUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AutoUpdate.exe5

Error: (09/14/2014 02:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x179c
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/14/2014 02:51:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x1dbc
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/14/2014 02:51:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x18c0
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5

Error: (09/14/2014 02:51:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DBRCrawler.exe, Version: 1.0.0.43458, Zeitstempel: 0x516ff4a7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0x2138
Startzeit der fehlerhaften Anwendung: 0xDBRCrawler.exe0
Pfad der fehlerhaften Anwendung: DBRCrawler.exe1
Pfad des fehlerhaften Moduls: DBRCrawler.exe2
Berichtskennung: DBRCrawler.exe3
Vollständiger Name des fehlerhaften Pakets: DBRCrawler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DBRCrawler.exe5


System errors:
=============
Error: (09/15/2014 11:01:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/15/2014 11:01:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/15/2014 10:57:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (09/15/2014 10:55:34 PM) (Source: DCOM) (EventID: 10010) (User: WIEWIWOZILAPPI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/15/2014 10:55:34 PM) (Source: DCOM) (EventID: 10010) (User: WIEWIWOZILAPPI)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/15/2014 10:50:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StartMenu8 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/15/2014 05:12:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/15/2014 05:12:11 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/15/2014 05:11:57 PM) (Source: DCOM) (EventID: 10010) (User: WIEWIWOZILAPPI)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (09/15/2014 05:10:25 PM) (Source: DCOM) (EventID: 10016) (User: WIEWIWOZILAPPI)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WiewiWoziLappiwiewi_2S-1-5-21-1712287575-707860769-2332151246-1007LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (09/15/2014 11:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe10.9.2014.05410306fFRST64.exe10.9.2014.05410306fc000000500000000000247c9133c01cfd128e174da8cC:\Users\wiewi_2\Desktop\FRST64.exeC:\Users\wiewi_2\Desktop\FRST64.exe479831e2-3d1c-11e4-bec7-5cf9dd5b149d

Error: (09/15/2014 05:15:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605fc001cfd0f6ea24525b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe14670ccb-3ceb-11e4-bec6-5cf9dd5b149dmicrosoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/15/2014 05:03:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoUpdate.exe1.0.0.1845178bf2aAutoUpdate.exe1.0.0.1845178bf2ac000000500054259b3801cfd0646f1022e6C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exeC:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exee3e12131-3c84-11e4-bec5-5cf9dd5b149d

Error: (09/14/2014 02:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf8179c01cfd01a98fa3a5eC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dlld6cf4ea7-3c0d-11e4-bec3-5cf9dd5b149d

Error: (09/14/2014 02:51:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf81dbc01cfd01a96906e5aC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dlld4956038-3c0d-11e4-bec3-5cf9dd5b149d

Error: (09/14/2014 02:51:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf818c001cfd01a9427361bC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dlld1f785a8-3c0d-11e4-bec3-5cf9dd5b149d

Error: (09/14/2014 02:51:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: DBRCrawler.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
   bei DBRCrawler.Program.LaunchCrawler(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/14/2014 02:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DBRCrawler.exe1.0.0.43458516ff4a7KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf8213801cfd01a9089807cC:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exeC:\WINDOWS\system32\KERNELBASE.dllce576da7-3c0d-11e4-bec3-5cf9dd5b149d


CodeIntegrity Errors:
===================================
  Date: 2014-09-15 22:57:27.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-15 17:09:26.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 23:39:26.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 18:49:55.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 09:10:25.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 06:28:13.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-13 05:17:28.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-12 18:43:18.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-12 07:08:13.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-12 05:54:00.369
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8048.93 MB
Available physical RAM: 6365.79 MB
Total Pagefile: 16240.93 MB
Available Pagefile: 13956.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.01 GB) (Free:352.82 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Bootsektor · 17.09.2014, 23:44

Hallo Skygge,

was sagt denn der Dell Service?

Da ist noch was verbogen
Schritt 1
Downloade dir von Hier Repair WMI und führe das aus.

Schritt 2
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

effizient61 · 18.09.2014, 19:03

Hallo Sandra,

jepp, Dell war heute hier und hat den Lüfter ausgetauscht, der war defekt. Spielen war nahezu unmöglich. Der Rechner wurde zu heiss, und schwupp hat er sich verabschiedet.

so, nun die Log-Files

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by wiewi_2 at 2014-09-18 19:58:28
Running from C:\Users\wiewi_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.55.0005 - Brother)
Brother BRAdmin Light 1.23.0003 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.23.0003 - Brother)
Brother BRAgent 1.34.0001 (HKLM-x32\...\{9390DEE7-32CF-4A2E-A47B-30270D624AA1}) (Version: 1.34.0001 - Brother)
calibre (HKLM-x32\...\{8AD7B42A-01A4-44EA-98FA-4437712168FC}) (Version: 0.9.37 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Easyweather Version 7.1 (HKLM-x32\...\{83C98CF2-952F-41EC-8702-D80490A59A2C}_is1) (Version: 7.1 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 31.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.0 (x86 de)) (Version: 31.1.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Protected Folder (HKLM-x32\...\Protected Folder_is1) (Version:  - IObit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.27 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{56225BFD-5A94-41E4-A50D-2A8F9324347A}) (Version: 9.0 - Star Finanz GmbH)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
TOP Blu-ray to MP3 Converter 8.12.13 (HKLM-x32\...\TOP Blu-ray to MP3 Converter_is1) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1712287575-707860769-2332151246-1007_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\wiewi_2\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst4C107639:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\wiewi_2\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Amazon Cloud Player => 
MSCONFIG\startupreg: BTMTrayAgent => 
MSCONFIG\startupreg: CLVirtualDrive => 
MSCONFIG\startupreg: DellSystemDetect => 
MSCONFIG\startupreg: NextLive => 
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
HKLM\...\StartupApproved\StartupFolder: => "honestech Audio Recorder 2.0 Deluxe Launcher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "FromDocToPDF Home Page Guard 64 bit"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "FromDocToPDF_65 Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "FILSHtray"
HKCU\...\StartupApproved\StartupFolder: => "Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Mediencenter.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKCU\...\StartupApproved\Run: => "Amazon Cloud Player"
HKCU\...\StartupApproved\Run: => "PC Suite Tray"
HKCU\...\StartupApproved\Run: => "NokiaSuite.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 07:48:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/18/2014 07:22:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/18/2014 07:16:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/18/2014 07:10:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/18/2014 06:29:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageArrivalEvent" zu registrieren, deren Zielklasse "MSFT_StorageArrivalEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageAlertEvent" zu registrieren, deren Zielklasse "MSFT_StorageAlertEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.


System errors:
=============
Error: (09/18/2014 05:40:56 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (09/18/2014 09:18:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/18/2014 09:18:54 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/18/2014 09:15:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (09/18/2014 09:12:22 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 3netprofmNicht verfügbar{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/18/2014 09:12:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (09/18/2014 09:12:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (09/18/2014 09:12:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (09/18/2014 09:12:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMWebAccessControl" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%19

Error: (09/18/2014 09:10:25 AM) (Source: NetBT) (EventID: 4300) (User: )
Description: Der Treiber konnte nicht erstellt werden.


Microsoft Office Sessions:
=========================
Error: (09/18/2014 07:48:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/18/2014 07:22:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/18/2014 07:16:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/18/2014 07:10:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/18/2014 06:29:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: StorageWMIselect * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage

Error: (09/18/2014 06:15:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage


CodeIntegrity Errors:
===================================
  Date: 2014-09-18 09:15:48.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-18 09:08:28.863
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-18 07:21:33.516
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-17 17:20:10.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 07:12:59.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 07:08:45.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-15 22:57:27.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-15 17:09:26.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 23:39:26.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-14 18:49:55.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8048.93 MB
Available physical RAM: 5583.1 MB
Total Pagefile: 16240.93 MB
Available Pagefile: 13068.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.01 GB) (Free:350.7 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

effizient61 · 18.09.2014, 19:05

und Teil 1

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by wiewi_2 (ATTENTION: The logged in user is not administrator) on WIEWIWOZILAPPI on 18-09-2014 19:57:36
Running from C:\Users\wiewi_2\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Farbar) C:\Users\wiewi_2\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\program files (x86)\intel\bluetooth\btmshellex.dll",trayapp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe [491120 2012-07-04] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [Amazon Cloud Player] => c:\users\wiewi_2\appdata\local\amazon cloud player\amazon music helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [PC Suite Tray] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\Run: [DellSystemDetect] => C:\Users\wiewi_2\AppData\Local\Apps\2.0\6T098KXE.N9P\5BG4V21Z.OJC\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-08] (Dell)
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8b6a-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {4f8f8bbe-149d-11e4-beae-5cf9dd5b149d} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedbe8-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedc31-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {57dedd1e-cd50-11e3-bea0-6036ddbd3679} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-1007\...\MountPoints2: {72622507-d0a6-11e3-bea4-6036ddbd3679} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-1712287575-707860769-2332151246-500\...\Run: [DriverTurbo] => C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKU\S-1-5-21-1712287575-707860769-2332151246-500\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-1712287575-707860769-2332151246-500\...\Run: [DellSystemDetect] => C:\Users\wiewi_2\AppData\Local\Apps\2.0\6T098KXE.N9P\5BG4V21Z.OJC\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-08-16] (Dell)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\wiewi_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\wiewi_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {F4A7530A-1FCB-42B5-9D0A-107769777F7E} URL = 
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: Ads Removal - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\adremoveext@adremoveext.net [2014-09-09]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\ascsurfingprotection@iobit.com [2014-09-10]
FF Extension: ImTranslator - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-27]
FF Extension: Gamers Unite! Snag Bar - C:\Users\wiewi_2\AppData\Roaming\Mozilla\Firefox\Profiles\htw4dn1m.default\Extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}.xpi [2014-03-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03]
CHR Extension: (Google Drive) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-09]
CHR Extension: (YouTube) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03]
CHR Extension: (Google-Suche) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03]
CHR Extension: (Ads Removal) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-09-12]
CHR Extension: (Google Wallet) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Google Mail) - C:\Users\wiewi_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2014-04-27] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2014-08-15] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-22] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-05-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-06] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 DxVGrb; C:\Windows\system32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2014-04-27] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-05-16] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-23] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3346912 2013-10-31] (Intel Corporation)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
S3 TDKLIB; No ImagePath
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:57 - 2014-09-18 19:58 - 00020775 _____ () C:\Users\wiewi_2\Desktop\FRST.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64(1).exe
2014-09-18 19:00 - 2014-09-18 19:00 - 00000000 ___HD () C:\OneDriveTemp
2014-09-18 17:48 - 2014-02-14 12:38 - 00000000 ____D () C:\Users\wiewi_2\Desktop\Tweaking.com - Repair WMI
2014-09-18 17:47 - 2014-09-18 17:47 - 01328064 _____ () C:\Users\wiewi_2\Desktop\Tweaking.com-RepairWMI.exe
2014-09-16 20:10 - 2014-09-16 20:10 - 00004608 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-16 20:05 - 2014-09-16 20:05 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\MigWiz
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-16 18:41 - 2014-09-16 18:41 - 00924173 _____ () C:\Users\wiewi_2\Downloads\BrMain480.exe
2014-09-16 18:36 - 2014-09-16 18:36 - 00000000 ____D () C:\Users\wiewi_2\Desktop\NetTool
2014-09-16 18:36 - 2014-09-16 18:36 - 00000000 ____D () C:\ProgramData\Brother
2014-09-16 18:35 - 2014-09-16 18:35 - 00002228 _____ () C:\Users\Public\Desktop\BRAdmin Professional 3.lnk
2014-09-16 18:34 - 2014-09-16 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
2014-09-16 07:06 - 2014-09-17 17:19 - 00003336 _____ () C:\WINDOWS\PFRO.log
2014-09-15 23:48 - 2014-09-15 23:48 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-15 23:48 - 2014-09-15 23:48 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 02779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-15 23:48 - 2014-09-15 23:48 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-09-15 23:48 - 2014-09-15 23:48 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-09-15 23:48 - 2014-09-15 23:48 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-15 23:48 - 2014-09-15 23:48 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-14 06:51 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 06:51 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 06:51 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 06:51 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 06:51 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 06:51 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 06:51 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 06:51 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 06:51 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 06:51 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 06:51 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 06:50 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 06:50 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 06:50 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 06:50 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 06:50 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 06:50 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 06:50 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 06:50 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 06:50 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 06:50 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 06:50 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 06:50 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 06:50 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 06:50 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 06:50 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 06:50 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 06:50 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 06:50 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 06:50 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 06:50 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 06:50 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 06:50 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 06:50 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 06:50 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 06:50 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 06:50 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 06:50 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 06:50 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 06:50 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 06:50 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 06:50 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 06:50 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 06:50 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 06:50 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 06:50 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 06:50 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 06:50 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 06:50 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 06:50 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 06:50 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 06:50 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 06:50 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 06:50 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 06:50 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 06:50 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 06:50 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 06:50 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 06:50 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 06:50 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 06:50 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 06:50 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 06:50 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 06:50 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 06:50 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 06:50 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 06:50 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 06:50 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 06:50 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 06:50 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 06:50 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 06:50 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 06:50 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 06:50 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 06:50 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 06:50 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 06:50 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 06:50 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 06:50 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 06:50 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 06:50 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 06:50 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 06:50 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 06:50 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 06:50 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 06:50 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 06:50 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 06:50 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 06:50 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 06:50 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 06:50 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 06:50 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 06:50 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 06:50 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 06:50 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 06:50 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 06:50 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 06:50 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 06:50 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 06:50 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 06:50 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 06:50 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 06:50 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 06:50 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 06:50 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 06:50 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 06:50 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 06:50 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 06:50 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 06:50 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 06:50 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 06:50 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 06:50 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 06:50 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 06:50 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 06:50 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 06:50 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 06:50 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 06:50 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 06:50 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 06:50 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 06:50 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 06:50 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 06:50 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 06:50 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 06:50 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 06:50 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 06:49 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 06:49 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 06:49 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 06:49 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 06:49 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 06:49 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 06:49 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 06:49 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 06:49 - 2014-07-24 13:43 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2014-09-14 06:49 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-14 06:49 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 06:49 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 06:49 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 06:49 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 06:49 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 06:49 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 06:49 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 06:49 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 06:49 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 06:49 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 06:49 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 06:49 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 06:49 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 06:49 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 06:49 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 06:49 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 06:49 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 06:49 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 06:49 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 06:49 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 06:49 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 06:49 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 06:49 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 06:49 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 06:49 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 06:49 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 06:49 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 06:49 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 06:49 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 06:49 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 06:49 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 06:49 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 06:49 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 06:49 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 06:49 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 06:49 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 06:49 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 06:49 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 06:49 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 06:49 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 06:49 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 06:49 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 06:49 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 06:49 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 06:49 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 06:49 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 06:49 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 06:49 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 06:49 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 06:49 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 06:49 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 06:49 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 06:49 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 06:49 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 06:43 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 20:41 - 2014-09-11 20:42 - 02347384 _____ (ESET) C:\Users\wiewi_2\Desktop\esetsmartinstaller_deu.exe
2014-09-11 19:41 - 2014-09-18 09:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 19:41 - 2014-09-11 19:41 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-11 19:41 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-11 19:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-11 19:40 - 2014-09-11 19:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\wiewi_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-11 19:29 - 2014-09-02 22:06 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-11 19:29 - 2014-09-02 22:06 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 19:21 - 2014-09-11 23:36 - 00000000 ____D () C:\AdwCleaner
2014-09-11 19:19 - 2014-09-11 19:19 - 01370483 _____ () C:\Users\wiewi_2\Desktop\adwcleaner_3.309.exe
2014-09-11 06:03 - 2014-09-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 06:03 - 2014-09-11 06:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 06:03 - 2014-09-11 06:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 06:02 - 2014-09-11 06:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 06:02 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 06:02 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 06:02 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 06:02 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 06:02 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 06:02 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 06:02 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 06:02 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 06:02 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 06:02 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 06:02 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 06:02 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 06:02 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 06:02 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 06:02 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 06:02 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 06:02 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 06:02 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 06:02 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 06:02 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 06:02 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 06:02 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 06:02 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 06:02 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 06:02 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 06:02 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 06:02 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 06:02 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 06:02 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 06:02 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 06:02 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 06:02 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 06:02 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 05:00 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 05:00 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 05:00 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 05:00 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 04:59 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 04:59 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 23:01 - 2014-09-18 07:23 - 00002275 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-10 23:01 - 2014-09-15 23:52 - 00000276 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job
2014-09-10 23:01 - 2014-09-10 23:01 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Apple Computer
2014-09-10 20:06 - 2014-09-10 20:06 - 00048681 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-10 19:50 - 2014-09-10 19:50 - 01110476 _____ () C:\Users\wiewi_2\Desktop\7z920.exe
2014-09-10 19:16 - 2014-09-10 19:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wiewi_2\Desktop\tdsskiller.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64.exe
2014-09-10 05:03 - 2014-09-10 05:03 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 21:19 - 2014-09-09 21:20 - 00050675 _____ () C:\Users\wiewi_2\Downloads\Addition.txt
2014-09-09 21:17 - 2014-09-09 21:20 - 00062083 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:16 - 2014-09-18 19:57 - 00000000 ____D () C:\FRST
2014-09-09 21:14 - 2014-09-09 21:34 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Desktop\Gmer-19357.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Desktop\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 05:33 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\WINDOWS\SysWOW64\avmadd32.dll
2014-09-05 05:33 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\WINDOWS\SysWOW64\avmprmon.dll
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:33 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 03:52 - 2014-09-05 05:32 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 19:39 - 2014-09-03 20:10 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:39 - 2014-09-03 19:40 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:35 - 2014-09-03 19:36 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-09-03 19:23 - 2014-09-18 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-22 18:05 - 2014-09-08 20:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 19:58 - 2014-09-18 19:57 - 00020775 _____ () C:\Users\wiewi_2\Desktop\FRST.txt
2014-09-18 19:57 - 2014-09-09 21:16 - 00000000 ____D () C:\FRST
2014-09-18 19:56 - 2014-09-18 19:56 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64(1).exe
2014-09-18 19:29 - 2014-02-03 20:02 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 19:21 - 2014-02-11 06:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-18 19:00 - 2014-09-18 19:00 - 00000000 ___HD () C:\OneDriveTemp
2014-09-18 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-18 18:30 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-18 18:30 - 2013-09-30 05:56 - 00752912 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-18 18:30 - 2013-09-30 05:56 - 00155886 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-18 18:00 - 2013-11-01 19:20 - 01481060 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 17:47 - 2014-09-18 17:47 - 01328064 _____ () C:\Users\wiewi_2\Desktop\Tweaking.com-RepairWMI.exe
2014-09-18 17:43 - 2014-06-21 18:43 - 00000000 ___DO () C:\Users\wiewi_2\OneDrive
2014-09-18 17:42 - 2014-02-03 20:02 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 09:53 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2
2014-09-18 09:44 - 2014-09-11 19:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 09:44 - 2013-02-25 10:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-18 09:37 - 2014-09-03 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-18 09:21 - 2013-11-01 19:26 - 00000000 ____D () C:\Users\Administrator
2014-09-18 09:18 - 2013-02-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-18 09:14 - 2013-06-13 00:49 - 00000090 _____ () C:\WINDOWS\SysWOW64\BRAgent.dat
2014-09-18 09:13 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-18 07:23 - 2014-09-10 23:01 - 00002275 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-17 21:48 - 2014-02-06 08:03 - 00030208 ___SH () C:\Users\wiewi_2\Desktop\Thumbs.db
2014-09-17 21:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-17 19:30 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-17 17:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-17 17:21 - 2014-01-04 14:13 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-17 17:20 - 2013-12-28 11:13 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-09-17 17:19 - 2014-09-16 07:06 - 00003336 _____ () C:\WINDOWS\PFRO.log
2014-09-16 20:10 - 2014-09-16 20:10 - 00004608 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-16 20:09 - 2013-11-01 19:30 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-16 20:05 - 2014-09-16 20:05 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\MigWiz
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-16 20:03 - 2014-09-16 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-16 19:13 - 2013-11-04 20:11 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Packages
2014-09-16 18:41 - 2014-09-16 18:41 - 00924173 _____ () C:\Users\wiewi_2\Downloads\BrMain480.exe
2014-09-16 18:36 - 2014-09-16 18:36 - 00000000 ____D () C:\Users\wiewi_2\Desktop\NetTool
2014-09-16 18:36 - 2014-09-16 18:36 - 00000000 ____D () C:\ProgramData\Brother
2014-09-16 18:35 - 2014-09-16 18:35 - 00002228 _____ () C:\Users\Public\Desktop\BRAdmin Professional 3.lnk
2014-09-16 18:34 - 2014-09-16 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
2014-09-16 18:34 - 2013-06-12 07:50 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-09-16 18:34 - 2013-02-25 09:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-16 18:23 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-16 07:12 - 2013-08-22 16:44 - 00512000 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-16 07:07 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-16 07:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-15 23:52 - 2014-09-10 23:01 - 00000276 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_wiewi_2.job
2014-09-15 23:48 - 2014-09-15 23:48 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-15 23:48 - 2014-09-15 23:48 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 02779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-15 23:48 - 2014-09-15 23:48 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-09-15 23:48 - 2014-09-15 23:48 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-09-15 23:48 - 2014-09-15 23:48 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-15 23:48 - 2014-09-15 23:48 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-15 23:48 - 2014-09-15 23:48 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-15 23:48 - 2013-09-30 06:10 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Downloads\FRST64.exe
2014-09-15 22:42 - 2014-04-27 14:55 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-09-15 22:40 - 2013-10-04 19:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-15 22:39 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nokia
2014-09-15 22:39 - 2014-04-27 18:52 - 00000000 ____D () C:\ProgramData\Installations
2014-09-15 22:39 - 2013-11-04 18:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-09-15 22:36 - 2014-01-23 20:20 - 00165659 _____ () C:\MyXML.xml
2014-09-15 22:35 - 2013-07-31 14:56 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-09-14 14:54 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 14:54 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-14 14:53 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-14 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-14 14:53 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-14 06:26 - 2013-09-24 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 14:59 - 2014-02-18 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 14:59 - 2013-09-24 19:53 - 00001219 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-13 14:59 - 2013-09-24 19:53 - 00001207 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-11 23:36 - 2014-09-11 19:21 - 00000000 ____D () C:\AdwCleaner
2014-09-11 20:43 - 2014-09-11 20:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 20:42 - 2014-09-11 20:41 - 02347384 _____ (ESET) C:\Users\wiewi_2\Desktop\esetsmartinstaller_deu.exe
2014-09-11 19:41 - 2014-09-11 19:41 - 00001172 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 19:41 - 2014-09-11 19:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-11 19:40 - 2014-09-11 19:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\wiewi_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-11 19:25 - 2014-07-13 00:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 19:19 - 2014-09-11 19:19 - 01370483 _____ () C:\Users\wiewi_2\Desktop\adwcleaner_3.309.exe
2014-09-11 06:03 - 2014-09-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 06:03 - 2014-09-11 06:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 06:03 - 2014-09-11 06:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 06:02 - 2014-09-11 06:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 06:02 - 2014-09-11 06:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 06:02 - 2014-09-11 06:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 06:02 - 2013-07-15 07:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 05:56 - 2013-05-08 17:24 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 23:04 - 2014-05-22 21:33 - 00000000 ____D () C:\Users\wiewi_2\Downloads\html
2014-09-10 23:04 - 2013-11-07 20:15 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\IObit
2014-09-10 23:04 - 2013-10-04 19:33 - 00000000 ____D () C:\ProgramData\IObit
2014-09-10 23:01 - 2014-09-10 23:01 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\Apple Computer
2014-09-10 23:01 - 2014-01-04 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-10 20:06 - 2014-09-10 20:06 - 00048681 _____ () C:\Users\wiewi_2\Desktop\TDSS100914.zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 20:05 - 2014-09-10 20:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-10 19:50 - 2014-09-10 19:50 - 01110476 _____ () C:\Users\wiewi_2\Desktop\7z920.exe
2014-09-10 19:16 - 2014-09-10 19:16 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\wiewi_2\Desktop\tdsskiller.exe
2014-09-10 18:57 - 2014-09-10 18:57 - 02105856 _____ (Farbar) C:\Users\wiewi_2\Desktop\FRST64.exe
2014-09-10 05:03 - 2014-09-10 05:03 - 00001203 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 05:03 - 2013-12-25 17:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 05:03 - 2013-06-12 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 05:03 - 2013-06-12 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 21:34 - 2014-09-09 21:14 - 00000476 _____ () C:\Users\wiewi_2\Downloads\defogger_disable.log
2014-09-09 21:20 - 2014-09-09 21:19 - 00050675 _____ () C:\Users\wiewi_2\Downloads\Addition.txt
2014-09-09 21:20 - 2014-09-09 21:17 - 00062083 _____ () C:\Users\wiewi_2\Downloads\FRST.txt
2014-09-09 21:14 - 2014-09-09 21:14 - 00000000 _____ () C:\Users\wiewi_2\defogger_reenable
2014-09-09 21:08 - 2014-09-09 21:08 - 00380416 _____ () C:\Users\wiewi_2\Desktop\Gmer-19357.exe
2014-09-09 21:06 - 2014-09-09 21:06 - 00050477 _____ () C:\Users\wiewi_2\Desktop\Defogger.exe
2014-09-09 21:03 - 2014-09-09 21:03 - 00000000 ____D () C:\Users\wiewi_2\Desktop\trojaner-board
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\PCDr
2014-09-08 21:26 - 2014-08-16 08:03 - 00000000 ____D () C:\Users\wiewi_2\AppData\Local\Deployment
2014-09-08 20:59 - 2014-01-23 02:47 - 00000136 _____ () C:\WINDOWS\ODBC.INI
2014-09-08 20:48 - 2014-08-22 18:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-07 23:18 - 2014-09-07 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Guild Wars 2
2014-09-07 23:18 - 2013-08-29 19:52 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-09-07 19:38 - 2014-09-07 19:38 - 01769472 _____ () C:\Users\wiewi_2\Downloads\tapi_eumex800_v_1.30_98SE-Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 03055616 _____ () C:\Users\wiewi_2\Downloads\capi_eumex800_v_1.10_2000_xp_vista_Win7.exe
2014-09-07 19:37 - 2014-09-07 19:37 - 01597776 _____ () C:\Users\wiewi_2\Downloads\fw_Eumex800_1.21_RC01.exe
2014-09-07 19:36 - 2014-09-07 19:36 - 01564672 _____ () C:\Users\wiewi_2\Downloads\util_Eumex800_RNDIS64 Treiber_Vista_Win7_V1.02.msi
2014-09-06 07:26 - 2014-09-06 07:26 - 00243207 _____ () C:\Users\wiewi_2\Downloads\quickfilters-2.7-sm+tb.xpi
2014-09-05 05:33 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-05 05:32 - 2014-09-05 03:52 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-05 04:36 - 2014-09-11 05:00 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-05 04:31 - 2014-09-11 05:00 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-05 03:53 - 2014-09-05 03:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-05 02:48 - 2014-09-11 05:00 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-03 21:53 - 2014-09-03 21:53 - 00000000 ____D () C:\Users\wiewi_2\Documents\OneNote-Notizbücher
2014-09-03 20:10 - 2014-09-03 19:39 - 216528367 _____ () C:\Users\wiewi_2\Downloads\Weih_92.wmv
2014-09-03 19:40 - 2014-09-03 19:39 - 83519842 _____ () C:\Users\wiewi_2\Downloads\bambu.zip
2014-09-03 19:36 - 2014-09-03 19:35 - 00501825 _____ () C:\Users\wiewi_2\Downloads\archive03092014_193533.zip
2014-09-02 22:06 - 2014-09-11 19:29 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2014-09-11 19:29 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 17:54 - 2013-12-15 13:34 - 00000000 ____D () C:\Users\wiewi_2\AppData\Roaming\vlc
2014-08-27 22:54 - 2014-08-27 22:54 - 00000000 ____D () C:\Users\wiewi_2\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 21:53 - 2014-08-27 21:53 - 00000000 ____D () C:\Users\Administrator\Documents\Benutzerdefinierte Office-Vorlagen
2014-08-27 18:47 - 2014-08-27 18:47 - 00052224 _____ () C:\Users\Administrator\Documents\Verguetung_Strom_Photovoltaik.xls
2014-08-27 18:47 - 2013-06-16 14:14 - 00000000 ____D () C:\Users\Administrator\Documents\USB_Sticks
2014-08-27 05:06 - 2014-08-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 21:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-26 21:29 - 2014-07-17 02:58 - 00000288 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Administrator.job
2014-08-26 20:52 - 2013-02-25 10:10 - 00000000 ____D () C:\Temp
2014-08-24 10:43 - 2014-01-12 16:06 - 00091648 ___SH () C:\Users\wiewi_2\Downloads\Thumbs.db
2014-08-23 09:48 - 2014-09-14 06:51 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-08-23 09:13 - 2014-09-14 06:51 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-08-23 08:10 - 2014-09-14 06:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-23 07:32 - 2014-09-14 06:51 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-23 06:44 - 2014-09-14 06:51 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 06:34 - 2014-09-14 06:51 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-23 06:33 - 2014-09-14 06:51 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-08-23 06:31 - 2014-09-14 06:51 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 06:20 - 2014-09-14 06:51 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-22 18:10 - 2014-08-22 18:10 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-19 18:21 - 2014-08-19 18:21 - 00000000 ____D () C:\Users\wiewi_2\Documents\GUILD WARS

Some content of TEMP:
====================
C:\Users\wiewi_2\AppData\Local\Temp\avgnt.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32au_gtba_chra_dy_aaa_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\install_flashplayer13x32_ltr5x64d_awc_aih.exe
C:\Users\wiewi_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\wiewi_2\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\wiewi_2\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---

11.09.2014, 22:17	#8
Bootsektor Ruhe in Frieden † 2019	Win 8.1 / System sehr langsam, Trojaner Agent.csji.3 noch aktiv ?, oder andere Alles klar Bis morgen. __________________ Grüße stolzes Mitglied von UNITE Du hast Lob oder Verbesserungsvorschläge? Du findest unsere Arbeit gut und möchtest uns finanziell unterstützen? -> Spende

Win 8.1 / System sehr langsam, Trojaner Agent.csji.3 noch aktiv ?, oder andere

Log-Analyse und Auswertung: Win 8.1 / System sehr langsam, Trojaner Agent.csji.3 noch aktiv ?, oder andere