
Log analysis and evaluation: I have it too: "The program was blocked by a group policy" AntiVir


14.11.2014, 00:36   #1
mayer
 

Hello specialists,

I also have the current problem with the error message "Das Programm wurde durch eine Gruppenrichtlinie blockiert" ("The program was blocked by a group policy") when opening AntiVir.

Consequences:
Something has switched off the AntiVir system monitor/real-time protection
A system restore does not work
AntiVir cannot be uninstalled, only after manual intervention with AntiVirRemovatTool. After reinstalling, the group policy error message comes back.

Strangely, Malwarebytes finds nothing.
Otherwise the system "apparently" works, including the Internet.

Do you already know this problem? Please help if there is any indication of an infection.
Many thanks for the solution and suggestions.

Here is the FRST file
Code:
  
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 355 days old and could be outdated)
Ran by SYSTEM on MININT-GL18TKN on 14-11-2014 00:14:54
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3681688 2014-05-13] (Crawler.com)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKU\michl\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\michl\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\michl\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\michl\...\Run: [rfxsrvtray] - "d:\Radio Streams\Tobit Radio.fx\Client\rfx-tray.exe"
HKU\michl\...\Run: [AdobeBridge] - [x]
HKU\michl\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Services (Whitelisted) =================

S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2436280 2014-09-25] (Microsoft Corporation)
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware)
S2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)
S2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 LGDDCDevice; C:\Windows\SysWow64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India)
S3 LGII2CDevice; C:\Windows\SysWow64\LGPII2CDriver.sys [19968 2011-02-11] ()
S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider)
S0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis)
S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-11-14 00:05 - 2014-11-14 00:05 - 00000000 ____D C:\Program Files (x86)\Avira
2014-11-14 00:05 - 2014-05-27 17:12 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2014-11-14 00:05 - 2014-05-27 17:12 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2014-11-14 00:05 - 2014-05-27 17:12 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2014-11-13 23:40 - 2014-11-13 23:40 - 00003128 _____ C:\Windows\System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E}
2014-11-13 23:01 - 2014-11-13 23:56 - 00000224 _____ C:\Windows\setupact.log
2014-11-13 23:01 - 2014-11-13 23:01 - 00000000 _____ C:\Windows\setuperr.log
2014-11-13 10:52 - 2014-11-13 10:52 - 00000000 ____D C:\Users\michl\AppData\Local\{BDA706B5-DE6A-4848-B03C-7967B67752E8}
2014-11-12 12:46 - 2014-11-12 12:46 - 00000000 __SHD C:\Users\michl\AppData\Local\EmieBrowserModeList
2014-11-12 07:54 - 2014-11-12 07:54 - 00000000 ____D C:\Users\michl\AppData\Local\{65AF3CD0-8449-4FE0-8B55-C913687DA6DD}
2014-11-12 07:51 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 07:51 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 07:51 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 07:51 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 07:51 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 07:51 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 07:51 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 07:51 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 07:51 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 07:51 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 07:51 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 07:51 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 07:51 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 07:51 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 07:51 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 07:51 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 07:51 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 07:51 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 07:51 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 07:51 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 07:51 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 07:51 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 07:51 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 07:51 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:51 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:51 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:51 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 07:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 07:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 07:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 07:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 07:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 07:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:49 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 07:49 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 07:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:32 - 2014-11-14 00:08 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2014-11-11 13:24 - 2014-11-11 16:45 - 00000000 ____D C:\ProgramData\AuxpoShogu
2014-11-11 12:14 - 2014-11-11 12:14 - 00000000 ____D C:\Users\michl\AppData\Local\{4BF5035D-FF59-4C2A-8DFF-3CC85F759A14}
2014-11-11 00:13 - 2014-11-11 00:14 - 00000000 ____D C:\Users\michl\AppData\Local\{ACED976D-77D2-4482-9866-7514618110B4}
2014-11-10 19:18 - 2014-11-10 19:18 - 00010398 _____ C:\Users\michl\Downloads\test.php
2014-11-10 19:10 - 2014-11-10 19:10 - 00000792 _____ C:\Users\michl\Desktop\Nintendo Wii - Wode Jukebox Wii Optical Drive Emulator Umbau - 95,90€  Konsolenpapst.website
2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 ____D C:\Users\michl\AppData\Local\{1C0D444A-D364-4691-99EE-6075F89D3888}
2014-11-10 02:19 - 2014-11-10 02:19 - 00000839 _____ C:\Users\michl\Desktop\Simon Gruber GmbH & Co. KG in Ottobrunn bei München - Servicebetrieb-Smart, Vertragshändler-Mercedes-Benz, Servicebetrieb-BMW.website
2014-11-09 15:40 - 2014-11-09 15:40 - 00000000 ____D C:\Users\michl\AppData\Local\{09DA55FE-3CE3-4A8F-B9E3-7D4394C0B724}
2014-11-09 12:21 - 2014-11-09 12:21 - 00000000 ____D C:\Windows\pss
2014-11-08 16:35 - 2014-11-08 16:35 - 00000000 ____D C:\Users\michl\AppData\Local\{E6930154-393A-4E67-AE6D-EAD6B6D54AEC}
2014-11-08 02:16 - 2014-11-08 02:17 - 00000000 ____D C:\Users\michl\AppData\Local\{D5D744A7-D761-4EEF-999B-05396D9BF666}
2014-11-07 14:16 - 2014-11-07 14:16 - 00000000 ____D C:\Users\michl\AppData\Local\{E6FAEEE0-5042-4C3A-A12E-B2153750FB66}
2014-11-06 21:58 - 2014-11-06 21:58 - 00000000 ____D C:\Users\michl\AppData\Local\{6805DB99-5809-439B-B3CB-3FCCB8CD812C}
2014-11-06 09:57 - 2014-11-06 09:57 - 00000000 ____D C:\Users\michl\AppData\Local\{0E197931-2D19-44A0-BEA7-D2A9D338F52F}
2014-11-05 18:34 - 2014-11-05 18:34 - 00000000 ____D C:\Users\michl\AppData\Local\{EAB9A8C0-84BF-47F7-9EDB-9D9F37C93CDC}
2014-11-05 17:36 - 2014-11-05 17:35 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2014-11-05 17:30 - 2014-11-14 00:05 - 00002030 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-05 15:45 - 2014-11-05 16:05 - 00000000 ____D C:\ProgramData\JuqweTagnu
2014-11-05 14:00 - 2014-11-05 14:00 - 00000000 ____D C:\Users\michl\AppData\Local\{8A7A5046-FBAC-4D06-9AF2-CAF05534CC0B}
2014-11-05 01:39 - 2014-11-05 01:39 - 00000000 ____D C:\Users\michl\AppData\Local\{3437DECA-00B0-4475-AD28-FCF060C98B9E}
2014-11-04 17:54 - 2014-11-04 17:54 - 00036471 _____ C:\Users\michl\Downloads\carolus_regular.zip
2014-11-04 17:53 - 2014-11-04 17:53 - 00019206 _____ C:\Users\michl\Downloads\ashleycapitalisofia_regular.zip
2014-11-04 17:51 - 2014-11-04 17:51 - 00015602 _____ C:\Users\michl\Downloads\cm_regular.zip
2014-11-04 17:50 - 2014-11-04 17:50 - 01988348 _____ C:\Users\michl\Downloads\andron_freefont_lat_regular.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00346586 _____ C:\Users\michl\Downloads\TeX-Gyre-Termes.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00225119 _____ C:\Users\michl\Downloads\merriweather.zip
2014-11-04 17:05 - 2014-11-04 17:05 - 00164184 _____ C:\Users\michl\Downloads\overlock.zip
2014-11-04 13:39 - 2014-11-04 13:39 - 00000000 ____D C:\Users\michl\AppData\Local\{9912F32B-8DFF-4472-A33F-DB9D79506BBD}
2014-11-04 01:38 - 2014-11-04 01:38 - 00000000 ____D C:\Users\michl\AppData\Local\{633C71B2-A170-4145-B539-DF23894520CA}
2014-11-03 17:27 - 2014-11-03 17:33 - 00000614 _____ C:\Users\michl\Desktop\Color Explorer • Color Matching.website
2014-11-03 10:10 - 2014-11-03 10:10 - 00000000 ____D C:\Users\michl\AppData\Local\{AA5C6295-4269-4CA2-867A-E29105EB15F3}
2014-11-02 11:56 - 2014-11-02 11:56 - 00000000 ____D C:\Users\michl\AppData\Local\{580AA057-F9C2-4C31-857D-82CE342CDB99}
2014-11-01 19:19 - 2014-11-01 19:19 - 00000000 ____D C:\Users\michl\AppData\Local\{6A3DCAA9-851A-472D-A420-2109D11ED6B8}
2014-10-31 23:05 - 2014-10-31 23:06 - 00000000 ____D C:\Users\michl\AppData\Local\{D2835F1A-BCF4-41B4-8E6F-4889DE00223A}
2014-10-31 11:02 - 2014-10-31 11:02 - 00000000 ____D C:\Users\michl\AppData\Local\{7B2CED3E-2986-4045-B1C7-6C9FE56611AD}
2014-10-30 23:01 - 2014-10-30 23:01 - 00000000 ____D C:\Users\michl\AppData\Local\{815B07E6-F22B-4675-8E57-DA571E6333CB}
2014-10-30 16:51 - 2014-10-30 16:51 - 03079920 _____ C:\Users\michl\Downloads\decoration-elements.zip
2014-10-30 11:01 - 2014-10-30 11:01 - 00000000 ____D C:\Users\michl\AppData\Local\{7D0F9411-C9D4-444C-AF5D-F62BAFA1AE20}
2014-10-29 13:10 - 2014-10-29 13:10 - 00000000 ____D C:\Users\michl\AppData\Local\{988EBDB8-3DAA-40A3-ABF1-C34F26EDD80B}
2014-10-28 23:18 - 2014-10-28 23:19 - 00000000 ____D C:\Users\michl\AppData\Local\{965A0E18-A37B-443E-9547-5B231BB2F02E}
2014-10-28 14:54 - 2014-10-28 14:54 - 00000000 ____D C:\Users\michl\AppData\Roaming\Tobit
2014-10-28 11:18 - 2014-10-28 11:18 - 00000000 ____D C:\Users\michl\AppData\Local\{9CFDC95E-E033-4AAC-8BB0-45D744D4A1BE}
2014-10-28 02:12 - 2014-10-28 02:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-10-27 23:17 - 2014-10-27 23:17 - 00000000 ____D C:\Users\michl\AppData\Local\{49C5C7EA-E42F-4A06-B39B-17BBACC48A71}
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D C:\Windows\ERUNT
2014-10-27 16:46 - 2014-10-27 16:56 - 00000000 ____D C:\AdwCleaner
2014-10-27 16:45 - 2014-10-27 16:45 - 01706144 _____ (Thisisu) C:\Users\michl\Downloads\junkware removal tool.exe
2014-10-27 16:44 - 2014-10-27 16:44 - 01998336 _____ C:\Users\michl\Downloads\AdwCleaner_4.002.exe
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D C:\FRST
2014-10-26 22:56 - 2014-10-26 22:56 - 04974864 _____ (Piriform Ltd) C:\Users\michl\Downloads\ccsetup419.exe
2014-10-26 22:51 - 2014-10-26 22:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-26 22:39 - 2014-10-26 22:39 - 00000593 _____ C:\Users\michl\Desktop\PC-Notfallklinik • Virus BOO-Cidox.B.website
2014-10-26 18:36 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\michl\Downloads\TDSSKiller.exe
2014-10-26 18:33 - 2014-10-26 18:34 - 04161313 _____ C:\Users\michl\Downloads\tdsskiller.zip
2014-10-26 01:06 - 2014-10-26 22:52 - 00000000 ___HD C:\Users\michl\AppData\Roaming\1A828502
2014-10-24 23:39 - 2014-10-24 23:39 - 00000419 _____ C:\Users\michl\Desktop\Wie verwende ich das Avira Rescue System.website
2014-10-20 16:44 - 2014-10-20 16:44 - 00000435 _____ C:\Users\michl\Desktop\Paper Cutout Vectors, Photos and PSD files  Free Download.website
2014-10-15 22:49 - 2014-10-15 22:49 - 00319912 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00111016 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
2014-10-15 22:28 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-15 22:28 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-10-15 22:28 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-10-15 22:28 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 22:28 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 22:28 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 22:28 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 22:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-10-15 22:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2014-10-15 22:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2014-10-15 22:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 22:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2014-10-15 22:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2014-11-14 00:12 - 2014-02-16 13:46 - 02055842 _____ C:\Windows\WindowsUpdate.log
2014-11-14 00:08 - 2014-11-12 07:32 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2014-11-14 00:05 - 2014-11-14 00:05 - 00000000 ____D C:\Program Files (x86)\Avira
2014-11-14 00:05 - 2014-11-05 17:30 - 00002030 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-14 00:04 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 00:04 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 00:02 - 2011-04-12 08:43 - 00717444 _____ C:\Windows\System32\perfh007.dat
2014-11-14 00:02 - 2011-04-12 08:43 - 00155004 _____ C:\Windows\System32\perfc007.dat
2014-11-14 00:02 - 2009-07-14 06:13 - 01656676 _____ C:\Windows\System32\PerfStringBackup.INI
2014-11-13 23:57 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-11-13 23:56 - 2014-11-13 23:01 - 00000224 _____ C:\Windows\setupact.log
2014-11-13 23:56 - 2014-04-16 00:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 23:56 - 2013-02-04 02:04 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-11-13 23:56 - 2012-01-13 23:06 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-11-13 23:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-11-13 23:40 - 2014-11-13 23:40 - 00003128 _____ C:\Windows\System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E}
2014-11-13 23:40 - 2014-06-22 19:52 - 00000000 ____D C:\ProgramData\Avira
2014-11-13 23:40 - 2014-05-22 22:35 - 00000000 ____D C:\ProgramData\Package Cache
2014-11-13 23:34 - 2012-01-03 02:52 - 00000000 ____D C:\users\michl
2014-11-13 23:33 - 2014-08-30 00:12 - 00000000 ____D C:\Program Files (x86)\Filter Forge Freepack 2 - Photo Effects
2014-11-13 23:33 - 2014-05-22 22:36 - 00000000 ____D C:\ProgramData\Protexis64
2014-11-13 23:33 - 2014-05-06 22:48 - 00000000 ___SD C:\Windows\System32\CompatTel
2014-11-13 23:33 - 2013-02-04 02:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-11-13 23:33 - 2012-01-13 23:18 - 00000000 ____D C:\ProgramData\InstallShield
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-11-13 23:01 - 2014-11-13 23:01 - 00000000 _____ C:\Windows\setuperr.log
2014-11-13 22:32 - 2014-04-16 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 22:25 - 2013-06-25 07:14 - 00000863 _____ C:\Users\michl\Desktop\Abendzeitung München.website
2014-11-13 22:20 - 2013-03-08 17:28 - 00000000 ____D C:\Users\michl\AppData\Local\CrashDumps
2014-11-13 20:29 - 2014-05-02 12:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 20:29 - 2014-05-02 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 18:25 - 2013-11-04 01:27 - 00000631 _____ C:\Users\michl\Desktop\LOTTO Bayern - Meine Daten.website
2014-11-13 17:29 - 2013-02-04 14:31 - 00000072 _____ C:\Users\Public\LMDebug.log
2014-11-13 11:10 - 2014-05-22 21:54 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2014-11-13 10:52 - 2014-11-13 10:52 - 00000000 ____D C:\Users\michl\AppData\Local\{BDA706B5-DE6A-4848-B03C-7967B67752E8}
2014-11-12 12:46 - 2014-11-12 12:46 - 00000000 __SHD C:\Users\michl\AppData\Local\EmieBrowserModeList
2014-11-12 08:32 - 2009-07-14 05:45 - 07968032 _____ C:\Windows\System32\FNTCACHE.DAT
2014-11-12 08:30 - 2013-07-24 00:30 - 00000000 ____D C:\Windows\System32\MRT
2014-11-12 08:28 - 2013-02-05 19:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-12 07:54 - 2014-11-12 07:54 - 00000000 ____D C:\Users\michl\AppData\Local\{65AF3CD0-8449-4FE0-8B55-C913687DA6DD}
2014-11-12 00:23 - 2013-02-14 01:18 - 00454604 _____ C:\Windows\FontData.fdb
2014-11-11 16:45 - 2014-11-11 13:24 - 00000000 ____D C:\ProgramData\AuxpoShogu
2014-11-11 16:45 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2014-11-11 16:23 - 2014-08-24 17:11 - 00000559 _____ C:\Users\michl\Desktop\freisteller  clipping Magic website
2014-11-11 13:08 - 2013-04-21 16:40 - 00000274 _____ C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2014-11-11 12:14 - 2014-11-11 12:14 - 00000000 ____D C:\Users\michl\AppData\Local\{4BF5035D-FF59-4C2A-8DFF-3CC85F759A14}
2014-11-11 09:44 - 2012-01-16 17:19 - 00094363 _____ C:\Users\michl\Desktop\offene2+++.txt
2014-11-11 01:18 - 2013-11-11 23:52 - 00000514 _____ C:\Users\michl\Desktop\Zattoo -webTV.website
2014-11-11 00:14 - 2014-11-11 00:13 - 00000000 ____D C:\Users\michl\AppData\Local\{ACED976D-77D2-4482-9866-7514618110B4}
2014-11-10 19:18 - 2014-11-10 19:18 - 00010398 _____ C:\Users\michl\Downloads\test.php
2014-11-10 19:10 - 2014-11-10 19:10 - 00000792 _____ C:\Users\michl\Desktop\Nintendo Wii - Wode Jukebox Wii Optical Drive Emulator Umbau - 95,90€  Konsolenpapst.website
2014-11-10 15:05 - 2014-10-04 02:27 - 00000478 _____ C:\Users\michl\Desktop\Download Facebook, Youtube Videos.website
2014-11-10 12:13 - 2014-11-10 12:13 - 00000000 ____D C:\Users\michl\AppData\Local\{1C0D444A-D364-4691-99EE-6075F89D3888}
2014-11-10 02:19 - 2014-11-10 02:19 - 00000839 _____ C:\Users\michl\Desktop\Simon Gruber GmbH & Co. KG in Ottobrunn bei München - Servicebetrieb-Smart, Vertragshändler-Mercedes-Benz, Servicebetrieb-BMW.website
2014-11-09 23:08 - 2009-07-14 03:34 - 00000448 _____ C:\Windows\win.ini
2014-11-09 15:40 - 2014-11-09 15:40 - 00000000 ____D C:\Users\michl\AppData\Local\{09DA55FE-3CE3-4A8F-B9E3-7D4394C0B724}
2014-11-09 12:21 - 2014-11-09 12:21 - 00000000 ____D C:\Windows\pss
2014-11-08 17:38 - 2012-01-18 14:12 - 00000000 ____D C:\Users\michl\AppData\Roaming\FileZilla
2014-11-08 16:35 - 2014-11-08 16:35 - 00000000 ____D C:\Users\michl\AppData\Local\{E6930154-393A-4E67-AE6D-EAD6B6D54AEC}
2014-11-08 02:17 - 2014-11-08 02:16 - 00000000 ____D C:\Users\michl\AppData\Local\{D5D744A7-D761-4EEF-999B-05396D9BF666}
2014-11-07 20:49 - 2014-11-12 07:51 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-07 20:23 - 2014-11-12 07:51 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-07 14:16 - 2014-11-07 14:16 - 00000000 ____D C:\Users\michl\AppData\Local\{E6FAEEE0-5042-4C3A-A12E-B2153750FB66}
2014-11-06 21:58 - 2014-11-06 21:58 - 00000000 ____D C:\Users\michl\AppData\Local\{6805DB99-5809-439B-B3CB-3FCCB8CD812C}
2014-11-06 09:57 - 2014-11-06 09:57 - 00000000 ____D C:\Users\michl\AppData\Local\{0E197931-2D19-44A0-BEA7-D2A9D338F52F}
2014-11-06 05:04 - 2014-11-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-06 05:03 - 2014-11-12 07:51 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-06 05:03 - 2014-11-12 07:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 04:47 - 2014-11-12 07:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-06 04:46 - 2014-11-12 07:51 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-06 04:46 - 2014-11-12 07:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-06 04:44 - 2014-11-12 07:51 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-06 04:43 - 2014-11-12 07:51 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-06 04:36 - 2014-11-12 07:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-06 04:35 - 2014-11-12 07:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-06 04:31 - 2014-11-12 07:51 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-06 04:30 - 2014-11-12 07:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-06 04:30 - 2014-11-12 07:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-06 04:29 - 2014-11-12 07:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-06 04:28 - 2014-11-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-06 04:23 - 2014-11-12 07:51 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-06 04:20 - 2014-11-12 07:51 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 04:16 - 2014-11-12 07:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-06 04:13 - 2014-11-12 07:51 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-06 04:13 - 2014-11-12 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-06 04:12 - 2014-11-12 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-06 04:10 - 2014-11-12 07:51 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-06 04:10 - 2014-11-12 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-06 04:07 - 2014-11-12 07:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 04:05 - 2014-11-12 07:51 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-06 04:04 - 2014-11-12 07:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-06 04:03 - 2014-11-12 07:51 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-06 04:02 - 2014-11-12 07:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-06 04:00 - 2014-11-12 07:51 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-06 04:00 - 2014-11-12 07:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-06 03:59 - 2014-11-12 07:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-06 03:58 - 2014-11-12 07:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-06 03:57 - 2014-11-12 07:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-06 03:48 - 2014-11-12 07:51 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-06 03:42 - 2014-11-12 07:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-06 03:41 - 2014-11-12 07:51 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-06 03:41 - 2014-11-12 07:51 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-06 03:39 - 2014-11-12 07:51 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-06 03:38 - 2014-11-12 07:51 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-06 03:37 - 2014-11-12 07:51 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-06 03:36 - 2014-11-12 07:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-06 03:34 - 2014-11-12 07:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-06 03:30 - 2014-11-12 07:51 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-06 03:22 - 2014-11-12 07:51 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-06 03:21 - 2014-11-12 07:51 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-06 03:21 - 2014-11-12 07:51 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-06 03:20 - 2014-11-12 07:51 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-06 03:17 - 2014-11-12 07:51 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-06 03:04 - 2014-11-12 07:51 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-06 03:03 - 2014-11-12 07:51 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-06 02:53 - 2014-11-12 07:51 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-06 02:52 - 2014-11-12 07:51 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-06 02:48 - 2014-11-12 07:51 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-06 02:47 - 2014-11-12 07:51 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-05 18:56 - 2014-11-12 07:51 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-05 18:56 - 2014-11-12 07:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-05 18:52 - 2014-11-12 07:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-05 18:34 - 2014-11-05 18:34 - 00000000 ____D C:\Users\michl\AppData\Local\{EAB9A8C0-84BF-47F7-9EDB-9D9F37C93CDC}
2014-11-05 18:26 - 2012-01-03 03:14 - 00828784 _____ C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 17:35 - 2014-11-05 17:36 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2014-11-05 17:28 - 2012-01-16 13:39 - 00000000 ____D C:\Users\michl\Desktop\programme 2
2014-11-05 16:58 - 2012-01-18 15:55 - 00000000 ____D C:\Users\michl\AppData\Roaming\vlc
2014-11-05 16:05 - 2014-11-05 15:45 - 00000000 ____D C:\ProgramData\JuqweTagnu
2014-11-05 14:00 - 2014-11-05 14:00 - 00000000 ____D C:\Users\michl\AppData\Local\{8A7A5046-FBAC-4D06-9AF2-CAF05534CC0B}
2014-11-05 01:39 - 2014-11-05 01:39 - 00000000 ____D C:\Users\michl\AppData\Local\{3437DECA-00B0-4475-AD28-FCF060C98B9E}
2014-11-04 17:54 - 2014-11-04 17:54 - 00036471 _____ C:\Users\michl\Downloads\carolus_regular.zip
2014-11-04 17:53 - 2014-11-04 17:53 - 00019206 _____ C:\Users\michl\Downloads\ashleycapitalisofia_regular.zip
2014-11-04 17:51 - 2014-11-04 17:51 - 00015602 _____ C:\Users\michl\Downloads\cm_regular.zip
2014-11-04 17:50 - 2014-11-04 17:50 - 01988348 _____ C:\Users\michl\Downloads\andron_freefont_lat_regular.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00346586 _____ C:\Users\michl\Downloads\TeX-Gyre-Termes.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00225119 _____ C:\Users\michl\Downloads\merriweather.zip
2014-11-04 17:05 - 2014-11-04 17:05 - 00164184 _____ C:\Users\michl\Downloads\overlock.zip
2014-11-04 13:39 - 2014-11-04 13:39 - 00000000 ____D C:\Users\michl\AppData\Local\{9912F32B-8DFF-4472-A33F-DB9D79506BBD}
2014-11-04 01:38 - 2014-11-04 01:38 - 00000000 ____D C:\Users\michl\AppData\Local\{633C71B2-A170-4145-B539-DF23894520CA}
2014-11-04 00:13 - 2014-05-22 22:46 - 00000000 ____D C:\Users\michl\Documents\Meine Paletten
2014-11-03 17:33 - 2014-11-03 17:27 - 00000614 _____ C:\Users\michl\Desktop\Color Explorer • Color Matching.website
2014-11-03 10:10 - 2014-11-03 10:10 - 00000000 ____D C:\Users\michl\AppData\Local\{AA5C6295-4269-4CA2-867A-E29105EB15F3}
2014-11-02 11:56 - 2014-11-02 11:56 - 00000000 ____D C:\Users\michl\AppData\Local\{580AA057-F9C2-4C31-857D-82CE342CDB99}
2014-11-01 19:19 - 2014-11-01 19:19 - 00000000 ____D C:\Users\michl\AppData\Local\{6A3DCAA9-851A-472D-A420-2109D11ED6B8}
2014-10-31 23:06 - 2014-10-31 23:05 - 00000000 ____D C:\Users\michl\AppData\Local\{D2835F1A-BCF4-41B4-8E6F-4889DE00223A}
2014-10-31 11:02 - 2014-10-31 11:02 - 00000000 ____D C:\Users\michl\AppData\Local\{7B2CED3E-2986-4045-B1C7-6C9FE56611AD}
2014-10-30 23:01 - 2014-10-30 23:01 - 00000000 ____D C:\Users\michl\AppData\Local\{815B07E6-F22B-4675-8E57-DA571E6333CB}
2014-10-30 16:51 - 2014-10-30 16:51 - 03079920 _____ C:\Users\michl\Downloads\decoration-elements.zip
2014-10-30 11:01 - 2014-10-30 11:01 - 00000000 ____D C:\Users\michl\AppData\Local\{7D0F9411-C9D4-444C-AF5D-F62BAFA1AE20}
2014-10-29 13:10 - 2014-10-29 13:10 - 00000000 ____D C:\Users\michl\AppData\Local\{988EBDB8-3DAA-40A3-ABF1-C34F26EDD80B}
2014-10-28 23:19 - 2014-10-28 23:18 - 00000000 ____D C:\Users\michl\AppData\Local\{965A0E18-A37B-443E-9547-5B231BB2F02E}
2014-10-28 21:40 - 2013-02-07 14:08 - 00008674 _____ C:\Users\michl\Desktop\bayern fußball2.txt
2014-10-28 14:54 - 2014-10-28 14:54 - 00000000 ____D C:\Users\michl\AppData\Roaming\Tobit
2014-10-28 11:18 - 2014-10-28 11:18 - 00000000 ____D C:\Users\michl\AppData\Local\{9CFDC95E-E033-4AAC-8BB0-45D744D4A1BE}
2014-10-28 02:12 - 2014-10-28 02:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-10-27 23:17 - 2014-10-27 23:17 - 00000000 ____D C:\Users\michl\AppData\Local\{49C5C7EA-E42F-4A06-B39B-17BBACC48A71}
2014-10-27 16:56 - 2014-10-27 16:46 - 00000000 ____D C:\AdwCleaner
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D C:\Windows\ERUNT
2014-10-27 16:45 - 2014-10-27 16:45 - 01706144 _____ (Thisisu) C:\Users\michl\Downloads\junkware removal tool.exe
2014-10-27 16:44 - 2014-10-27 16:44 - 01998336 _____ C:\Users\michl\Downloads\AdwCleaner_4.002.exe
2014-10-27 16:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2014-10-27 16:04 - 2012-01-13 22:59 - 00000000 ____D C:\Users\michl\Documents\Bluetooth Folder
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D C:\FRST
2014-10-26 22:56 - 2014-10-26 22:56 - 04974864 _____ (Piriform Ltd) C:\Users\michl\Downloads\ccsetup419.exe
2014-10-26 22:56 - 2013-02-04 01:55 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-10-26 22:56 - 2013-02-04 01:55 - 00000000 ____D C:\Program Files\CCleaner
2014-10-26 22:52 - 2014-10-26 01:06 - 00000000 ___HD C:\Users\michl\AppData\Roaming\1A828502
2014-10-26 22:51 - 2014-10-26 22:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-26 22:39 - 2014-10-26 22:39 - 00000593 _____ C:\Users\michl\Desktop\PC-Notfallklinik • Virus BOO-Cidox.B.website
2014-10-26 18:34 - 2014-10-26 18:33 - 04161313 _____ C:\Users\michl\Downloads\tdsskiller.zip
2014-10-25 02:57 - 2014-11-12 07:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-25 02:32 - 2014-11-12 07:49 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-24 23:39 - 2014-10-24 23:39 - 00000419 _____ C:\Users\michl\Desktop\Wie verwende ich das Avira Rescue System.website
2014-10-24 23:35 - 2013-05-16 22:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-10-24 23:28 - 2014-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-24 23:28 - 2013-02-04 02:01 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-24 23:15 - 2013-06-17 06:57 - 00000000 ____D C:\Users\Public\Documents\NetObjects Fusion 12.0
2014-10-24 00:49 - 2013-02-07 14:09 - 00000493 _____ C:\Users\michl\Desktop\Wortschatz.website
2014-10-22 18:01 - 2013-05-22 23:24 - 00000000 ____D C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU(20).TXT
2014-10-20 16:44 - 2014-10-20 16:44 - 00000435 _____ C:\Users\michl\Desktop\Paper Cutout Vectors, Photos and PSD files  Free Download.website
2014-10-19 21:27 - 2014-04-16 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 21:27 - 2014-04-16 00:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 03:05 - 2014-11-12 07:49 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-10-18 02:33 - 2014-11-12 07:49 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-10-15 22:52 - 2013-10-22 01:07 - 00000000 ____D C:\ProgramData\Oracle
2014-10-15 22:51 - 2014-08-26 12:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 22:51 - 2013-07-03 09:18 - 00000000 ____D C:\Program Files (x86)\Java
2014-10-15 22:49 - 2014-10-15 22:49 - 00319912 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00111016 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-15 22:49 - 2012-01-18 17:17 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\Users\michl\AppData\Roaming\Camdata.ini
C:\Users\michl\AppData\Roaming\CamLayout.ini
C:\Users\michl\AppData\Roaming\CamShapes.ini
C:\ProgramData\eqqol.pad
C:\ProgramData\rjoof.pad


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-10-15 22:28] - [2014-07-17 03:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

2
Restore point made on: 2014-11-12 08:28:22
Restore point made on: 2014-11-13 23:14:26

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16360.76 MB
Available physical RAM: 15160.45 MB
Total Pagefile: 16358.96 MB
Available Pagefile: 15160.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:10.73 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:69.14 GB) (Free:0.62 GB) NTFS
Drive f: (Geschäft) (Fixed) (Total:298.83 GB) (Free:24.92 GB) NTFS
Drive g: (sicherung) (Fixed) (Total:97.66 GB) (Free:16.15 GB) NTFS
Drive j: () (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Bilder) (Fixed) (Total:465.88 GB) (Free:14.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: B0400252)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=299 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=69 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 25836908)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2014-11-10 13:17

==================== End Of Log ============================
         

14.11.2014, 06:56   #2
schrauber
/// the machine
/// TB instructor

Hi,

Please run the FRST scan from the desktop in normal mode, don't forget to tick the Addition box, and post both logs.

14.11.2014, 17:17   #3
mayer

Hello

FRST64 does not run from the desktop via the command prompt. The tool starts and then quickly aborts with the error message: "Line 10220: Variable used without being declared".

I have just run Malwarebytes, JRT and AdwCleaner. No findings, or only minor ones.
The problem persists.
AntiVir cannot be started because of a group policy.

Regards
mayer

Greetings,

The error message I described when starting FRST64 is triggered by the newest version of FRST. I have now used the old version from 2013, and that one works.

Here are FRST.txt and Addition.txt as requested:

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 355 days old and could be outdated)
Ran by michl (administrator) on MICHL-PC on 14-11-2014 14:41:02
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() D:\radio streams\Tobit Radio.fx\Server\rfx-server.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Tobit.Software) D:\radio streams\Tobit Radio.fx\Client\rfx-tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\SmartHookTestApp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3681688 2014-05-13] (Crawler.com)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKCU\...\Run: [rfxsrvtray] - D:\radio streams\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
MountPoints2: E - E:\setup.exe /AUTORUN
MountPoints2: {73b8dbca-35ab-11e1-b6f0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB9D8949E4DD2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\abs@avira.com
FF Extension: Snap.Do  - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{444cfd05-5764-4bc4-8e89-417723e7621f}
FF Extension: DownloadHelper - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: printpdf - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\printpdf@pavlov.net.xpi
FF Extension: dta - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=6ccabd6900000000000000268336eea6"
CHR DefaultSearchURL: (Search the web (Softonic)) - hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=6ccabd6900000000000000268336eea6
CHR DefaultSuggestURL: (Search the web (Softonic)) -         "suggest_url": ""

==================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2436280 2014-09-25] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S3 LGDDCDevice; C:\Windows\SysWow64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India)
S3 LGII2CDevice; C:\Windows\SysWow64\LGPII2CDriver.sys [19968 2011-02-11] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis)
S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-11-14 14:28 - 2014-11-14 14:28 - 00000342 _____ C:\Windows\PFRO.log
2014-11-14 14:28 - 2014-11-14 14:28 - 00000056 _____ C:\Windows\setupact.log
2014-11-14 14:28 - 2014-11-14 14:28 - 00000000 ___RD C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-14 14:28 - 2014-11-14 14:28 - 00000000 _____ C:\Windows\setuperr.log
2014-11-14 11:14 - 2014-11-14 11:14 - 00000000 ____D C:\Users\michl\AppData\Local\{E14DEA36-CEE0-49ED-875E-91DB9E342F36}
2014-11-14 09:55 - 2014-11-14 09:55 - 00003489 _____ C:\Users\michl\Desktop\JRT.txt
2014-11-13 23:40 - 2014-11-13 23:40 - 00003128 _____ C:\Windows\System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E}
2014-11-12 12:46 - 2014-11-12 12:46 - 00000000 __SHD C:\Users\michl\AppData\Local\EmieBrowserModeList
2014-11-12 07:51 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 07:51 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 07:51 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:51 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 07:51 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 07:51 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:51 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 07:51 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 07:51 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 07:51 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:51 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:51 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:51 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 07:51 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 07:51 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 07:51 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 07:51 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 07:51 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 07:51 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 07:51 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 07:51 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 07:51 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 07:51 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 07:51 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:51 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:51 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:51 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 07:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 07:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 07:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 07:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 07:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:49 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 07:49 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:32 - 2014-11-14 14:30 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2014-11-11 13:24 - 2014-11-11 16:45 - 00000000 ____D C:\ProgramData\AuxpoShogu
2014-11-10 19:18 - 2014-11-10 19:18 - 00010398 _____ C:\Users\michl\Downloads\test.php
2014-11-10 19:10 - 2014-11-10 19:10 - 00000792 _____ C:\Users\michl\Desktop\Nintendo Wii - Wode Jukebox Wii Optical Drive Emulator Umbau - 95,90€  Konsolenpapst.website
2014-11-10 02:19 - 2014-11-10 02:19 - 00000839 _____ C:\Users\michl\Desktop\Simon Gruber GmbH & Co. KG in Ottobrunn bei München - Servicebetrieb-Smart, Vertragshändler-Mercedes-Benz, Servicebetrieb-BMW.website
2014-11-09 12:21 - 2014-11-09 12:21 - 00000000 ____D C:\Windows\pss
2014-11-05 15:45 - 2014-11-05 16:05 - 00000000 ____D C:\ProgramData\JuqweTagnu
2014-11-04 17:54 - 2014-11-04 17:54 - 00036471 _____ C:\Users\michl\Downloads\carolus_regular.zip
2014-11-04 17:53 - 2014-11-04 17:53 - 00019206 _____ C:\Users\michl\Downloads\ashleycapitalisofia_regular.zip
2014-11-04 17:51 - 2014-11-04 17:51 - 00015602 _____ C:\Users\michl\Downloads\cm_regular.zip
2014-11-04 17:50 - 2014-11-04 17:50 - 01988348 _____ C:\Users\michl\Downloads\andron_freefont_lat_regular.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00346586 _____ C:\Users\michl\Downloads\TeX-Gyre-Termes.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00225119 _____ C:\Users\michl\Downloads\merriweather.zip
2014-11-04 17:05 - 2014-11-04 17:05 - 00164184 _____ C:\Users\michl\Downloads\overlock.zip
2014-11-03 17:27 - 2014-11-03 17:33 - 00000614 _____ C:\Users\michl\Desktop\Color Explorer • Color Matching.website
2014-10-30 16:51 - 2014-10-30 16:51 - 03079920 _____ C:\Users\michl\Downloads\decoration-elements.zip
2014-10-28 02:12 - 2014-10-28 02:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D C:\Windows\ERUNT
2014-10-27 16:46 - 2014-11-14 09:51 - 00000000 ____D C:\AdwCleaner
2014-10-27 16:45 - 2014-10-27 16:45 - 01706144 _____ (Thisisu) C:\Users\michl\Downloads\junkware removal tool.exe
2014-10-27 16:44 - 2014-10-27 16:44 - 01998336 _____ C:\Users\michl\Downloads\AdwCleaner_4.002.exe
2014-10-27 14:50 - 2014-11-14 14:38 - 00000000 ____D C:\FRST
2014-10-26 22:56 - 2014-10-26 22:56 - 04974864 _____ (Piriform Ltd) C:\Users\michl\Downloads\ccsetup419.exe
2014-10-26 22:51 - 2014-10-26 22:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-26 22:39 - 2014-10-26 22:39 - 00000593 _____ C:\Users\michl\Desktop\PC-Notfallklinik • Virus BOO-Cidox.B.website
2014-10-26 18:36 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\michl\Downloads\TDSSKiller.exe
2014-10-26 18:33 - 2014-10-26 18:34 - 04161313 _____ C:\Users\michl\Downloads\tdsskiller.zip
2014-10-26 01:06 - 2014-10-26 22:52 - 00000000 ___HD C:\Users\michl\AppData\Roaming\1A828502
2014-10-24 23:39 - 2014-10-24 23:39 - 00000419 _____ C:\Users\michl\Desktop\Wie verwende ich das Avira Rescue System.website
2014-10-20 16:44 - 2014-10-20 16:44 - 00000435 _____ C:\Users\michl\Desktop\Paper Cutout Vectors, Photos and PSD files  Free Download.website
2014-10-15 22:49 - 2014-10-15 22:49 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 22:30 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 22:28 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 22:28 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 22:28 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 22:28 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 22:28 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 22:28 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 22:28 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 22:28 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 22:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 22:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 22:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 22:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 22:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 22:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2014-11-14 14:38 - 2014-10-27 14:50 - 00000000 ____D C:\FRST
2014-11-14 14:35 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 14:35 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 14:34 - 2011-04-12 08:43 - 00717444 _____ C:\Windows\system32\perfh007.dat
2014-11-14 14:34 - 2011-04-12 08:43 - 00155004 _____ C:\Windows\system32\perfc007.dat
2014-11-14 14:34 - 2009-07-14 06:13 - 01656676 _____ C:\Windows\system32\PerfStringBackup.INI
2014-11-14 14:32 - 2014-04-16 00:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 14:31 - 2014-02-16 13:46 - 01050998 _____ C:\Windows\WindowsUpdate.log
2014-11-14 14:30 - 2014-11-12 07:32 - 00005136 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2014-11-14 14:28 - 2014-11-14 14:28 - 00000342 _____ C:\Windows\PFRO.log
2014-11-14 14:28 - 2014-11-14 14:28 - 00000056 _____ C:\Windows\setupact.log
2014-11-14 14:28 - 2014-11-14 14:28 - 00000000 ___RD C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-14 14:28 - 2014-11-14 14:28 - 00000000 _____ C:\Windows\setuperr.log
2014-11-14 14:28 - 2014-04-16 00:58 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 14:28 - 2013-02-04 02:04 - 00000000 ____D C:\ProgramData\Spyware Terminator
2014-11-14 14:28 - 2012-01-13 23:06 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-11-14 14:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-11-14 14:21 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 11:14 - 2014-11-14 11:14 - 00000000 ____D C:\Users\michl\AppData\Local\{E14DEA36-CEE0-49ED-875E-91DB9E342F36}
2014-11-14 09:55 - 2014-11-14 09:55 - 00003489 _____ C:\Users\michl\Desktop\JRT.txt
2014-11-14 09:51 - 2014-10-27 16:46 - 00000000 ____D C:\AdwCleaner
2014-11-13 23:40 - 2014-11-13 23:40 - 00003128 _____ C:\Windows\System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E}
2014-11-13 23:40 - 2014-05-22 22:35 - 00000000 ____D C:\ProgramData\Package Cache
2014-11-13 23:34 - 2012-01-03 02:52 - 00000000 ____D C:\Users\michl
2014-11-13 23:33 - 2014-08-30 00:12 - 00000000 ____D C:\Program Files (x86)\Filter Forge Freepack 2 - Photo Effects
2014-11-13 23:33 - 2014-05-22 22:36 - 00000000 ____D C:\ProgramData\Protexis64
2014-11-13 23:33 - 2014-05-06 22:48 - 00000000 ___SD C:\Windows\system32\CompatTel
2014-11-13 23:33 - 2013-02-04 02:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-11-13 23:33 - 2012-01-13 23:18 - 00000000 ____D C:\ProgramData\InstallShield
2014-11-13 23:33 - 2012-01-03 02:52 - 00000000 ___RD C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-11-13 22:25 - 2013-06-25 07:14 - 00000863 _____ C:\Users\michl\Desktop\Abendzeitung München.website
2014-11-13 22:20 - 2013-03-08 17:28 - 00000000 ____D C:\Users\michl\AppData\Local\CrashDumps
2014-11-13 20:29 - 2014-05-02 12:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 20:29 - 2014-05-02 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 18:25 - 2013-11-04 01:27 - 00000631 _____ C:\Users\michl\Desktop\LOTTO Bayern - Meine Daten.website
2014-11-13 17:29 - 2013-02-04 14:31 - 00000072 _____ C:\Users\Public\LMDebug.log
2014-11-13 11:10 - 2014-05-22 21:54 - 00000000 ____D C:\Program Files (x86)\PDF Editor 4
2014-11-12 12:46 - 2014-11-12 12:46 - 00000000 __SHD C:\Users\michl\AppData\Local\EmieBrowserModeList
2014-11-12 08:32 - 2009-07-14 05:45 - 07968032 _____ C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:30 - 2013-07-24 00:30 - 00000000 ____D C:\Windows\system32\MRT
2014-11-12 08:28 - 2013-02-05 19:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 00:23 - 2013-02-14 01:18 - 00454604 _____ C:\Windows\FontData.fdb
2014-11-11 16:45 - 2014-11-11 13:24 - 00000000 ____D C:\ProgramData\AuxpoShogu
2014-11-11 16:45 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2014-11-11 16:23 - 2014-08-24 17:11 - 00000559 _____ C:\Users\michl\Desktop\freisteller  clipping Magic .website
2014-11-11 13:08 - 2013-04-21 16:40 - 00000274 _____ C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2014-11-11 09:44 - 2012-01-16 17:19 - 00094363 _____ C:\Users\michl\Desktop\offene2+++.txt
2014-11-11 01:18 - 2013-11-11 23:52 - 00000514 _____ C:\Users\michl\Desktop\Zattoo -webTV.website
2014-11-10 19:18 - 2014-11-10 19:18 - 00010398 _____ C:\Users\michl\Downloads\test.php
2014-11-10 19:10 - 2014-11-10 19:10 - 00000792 _____ C:\Users\michl\Desktop\Nintendo Wii - Wode Jukebox Wii Optical Drive Emulator Umbau - 95,90€  Konsolenpapst.website
2014-11-10 15:05 - 2014-10-04 02:27 - 00000478 _____ C:\Users\michl\Desktop\Download Facebook, Youtube Videos.website
2014-11-10 02:19 - 2014-11-10 02:19 - 00000839 _____ C:\Users\michl\Desktop\Simon Gruber GmbH & Co. KG in Ottobrunn bei München - Servicebetrieb-Smart, Vertragshändler-Mercedes-Benz, Servicebetrieb-BMW.website
2014-11-09 23:08 - 2009-07-14 03:34 - 00000448 _____ C:\Windows\win.ini
2014-11-09 12:21 - 2014-11-09 12:21 - 00000000 ____D C:\Windows\pss
2014-11-08 17:38 - 2012-01-18 14:12 - 00000000 ____D C:\Users\michl\AppData\Roaming\FileZilla
2014-11-07 20:49 - 2014-11-12 07:51 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-07 20:23 - 2014-11-12 07:51 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-06 05:04 - 2014-11-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-06 05:03 - 2014-11-12 07:51 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-06 05:03 - 2014-11-12 07:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-06 04:47 - 2014-11-12 07:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-06 04:46 - 2014-11-12 07:51 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-06 04:46 - 2014-11-12 07:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-06 04:44 - 2014-11-12 07:51 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-06 04:43 - 2014-11-12 07:51 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-06 04:36 - 2014-11-12 07:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-06 04:35 - 2014-11-12 07:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-06 04:31 - 2014-11-12 07:51 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-06 04:30 - 2014-11-12 07:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-06 04:30 - 2014-11-12 07:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-06 04:29 - 2014-11-12 07:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-06 04:28 - 2014-11-12 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-06 04:23 - 2014-11-12 07:51 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-06 04:20 - 2014-11-12 07:51 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-06 04:16 - 2014-11-12 07:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-06 04:13 - 2014-11-12 07:51 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-06 04:13 - 2014-11-12 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-06 04:12 - 2014-11-12 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-06 04:10 - 2014-11-12 07:51 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-06 04:10 - 2014-11-12 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-06 04:07 - 2014-11-12 07:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 04:05 - 2014-11-12 07:51 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-06 04:04 - 2014-11-12 07:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-06 04:03 - 2014-11-12 07:51 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-06 04:02 - 2014-11-12 07:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-06 04:00 - 2014-11-12 07:51 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-06 04:00 - 2014-11-12 07:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-06 03:59 - 2014-11-12 07:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-06 03:58 - 2014-11-12 07:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-06 03:57 - 2014-11-12 07:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-06 03:48 - 2014-11-12 07:51 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-06 03:42 - 2014-11-12 07:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-06 03:41 - 2014-11-12 07:51 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-06 03:41 - 2014-11-12 07:51 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-06 03:39 - 2014-11-12 07:51 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-06 03:38 - 2014-11-12 07:51 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-06 03:37 - 2014-11-12 07:51 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-06 03:36 - 2014-11-12 07:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-06 03:34 - 2014-11-12 07:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-06 03:30 - 2014-11-12 07:51 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-06 03:22 - 2014-11-12 07:51 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-06 03:21 - 2014-11-12 07:51 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-06 03:21 - 2014-11-12 07:51 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-06 03:20 - 2014-11-12 07:51 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-06 03:17 - 2014-11-12 07:51 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-06 03:04 - 2014-11-12 07:51 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-06 03:03 - 2014-11-12 07:51 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-06 02:53 - 2014-11-12 07:51 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-06 02:52 - 2014-11-12 07:51 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-06 02:48 - 2014-11-12 07:51 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-06 02:47 - 2014-11-12 07:51 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-05 18:56 - 2014-11-12 07:51 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-05 18:56 - 2014-11-12 07:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-05 18:52 - 2014-11-12 07:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-05 18:26 - 2012-01-03 03:14 - 00828784 _____ C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 17:28 - 2012-01-16 13:39 - 00000000 ____D C:\Users\michl\Desktop\programme 2
2014-11-05 16:58 - 2012-01-18 15:55 - 00000000 ____D C:\Users\michl\AppData\Roaming\vlc
2014-11-05 16:05 - 2014-11-05 15:45 - 00000000 ____D C:\ProgramData\JuqweTagnu
2014-11-04 17:54 - 2014-11-04 17:54 - 00036471 _____ C:\Users\michl\Downloads\carolus_regular.zip
2014-11-04 17:53 - 2014-11-04 17:53 - 00019206 _____ C:\Users\michl\Downloads\ashleycapitalisofia_regular.zip
2014-11-04 17:51 - 2014-11-04 17:51 - 00015602 _____ C:\Users\michl\Downloads\cm_regular.zip
2014-11-04 17:50 - 2014-11-04 17:50 - 01988348 _____ C:\Users\michl\Downloads\andron_freefont_lat_regular.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00346586 _____ C:\Users\michl\Downloads\TeX-Gyre-Termes.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00225119 _____ C:\Users\michl\Downloads\merriweather.zip
2014-11-04 17:05 - 2014-11-04 17:05 - 00164184 _____ C:\Users\michl\Downloads\overlock.zip
2014-11-04 00:13 - 2014-05-22 22:46 - 00000000 ____D C:\Users\michl\Documents\Meine Paletten
2014-11-03 17:33 - 2014-11-03 17:27 - 00000614 _____ C:\Users\michl\Desktop\Color Explorer • Color Matching.website
2014-10-30 16:51 - 2014-10-30 16:51 - 03079920 _____ C:\Users\michl\Downloads\decoration-elements.zip
2014-10-28 21:40 - 2013-02-07 14:08 - 00008674 _____ C:\Users\michl\Desktop\bayern fußball2.txt
2014-10-28 02:12 - 2014-10-28 02:12 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D C:\Windows\ERUNT
2014-10-27 16:45 - 2014-10-27 16:45 - 01706144 _____ (Thisisu) C:\Users\michl\Downloads\junkware removal tool.exe
2014-10-27 16:44 - 2014-10-27 16:44 - 01998336 _____ C:\Users\michl\Downloads\AdwCleaner_4.002.exe
2014-10-27 16:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2014-10-27 16:04 - 2012-01-13 22:59 - 00000000 ____D C:\Users\michl\Documents\Bluetooth Folder
2014-10-26 22:56 - 2014-10-26 22:56 - 04974864 _____ (Piriform Ltd) C:\Users\michl\Downloads\ccsetup419.exe
2014-10-26 22:56 - 2013-02-04 01:55 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-10-26 22:56 - 2013-02-04 01:55 - 00000000 ____D C:\Program Files\CCleaner
2014-10-26 22:52 - 2014-10-26 01:06 - 00000000 ___HD C:\Users\michl\AppData\Roaming\1A828502
2014-10-26 22:51 - 2014-10-26 22:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-10-26 22:39 - 2014-10-26 22:39 - 00000593 _____ C:\Users\michl\Desktop\PC-Notfallklinik • Virus BOO-Cidox.B.website
2014-10-26 18:34 - 2014-10-26 18:33 - 04161313 _____ C:\Users\michl\Downloads\tdsskiller.zip
2014-10-25 02:57 - 2014-11-12 07:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-25 02:32 - 2014-11-12 07:49 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-24 23:39 - 2014-10-24 23:39 - 00000419 _____ C:\Users\michl\Desktop\Wie verwende ich das Avira Rescue System.website
2014-10-24 23:35 - 2013-05-16 22:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-10-24 23:28 - 2014-07-23 12:05 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-24 23:28 - 2013-02-04 02:01 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-24 23:15 - 2013-06-17 06:57 - 00000000 ____D C:\Users\Public\Documents\NetObjects Fusion 12.0
2014-10-24 00:49 - 2013-02-07 14:09 - 00000493 _____ C:\Users\michl\Desktop\Wortschatz.website
2014-10-22 18:01 - 2013-05-22 23:24 - 00000000 ____D C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU(20).TXT
2014-10-20 16:44 - 2014-10-20 16:44 - 00000435 _____ C:\Users\michl\Desktop\Paper Cutout Vectors, Photos and PSD files  Free Download.website
2014-10-19 21:27 - 2014-04-16 00:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 21:27 - 2014-04-16 00:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 03:05 - 2014-11-12 07:49 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-10-18 02:33 - 2014-11-12 07:49 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-10-15 22:52 - 2013-10-22 01:07 - 00000000 ____D C:\ProgramData\Oracle
2014-10-15 22:51 - 2014-08-26 12:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 22:51 - 2013-07-03 09:18 - 00000000 ____D C:\Program Files (x86)\Java
2014-10-15 22:49 - 2014-10-15 22:49 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-15 22:49 - 2014-10-15 22:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-15 22:49 - 2012-01-18 17:17 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\Users\michl\AppData\Roaming\Camdata.ini
C:\Users\michl\AppData\Roaming\CamLayout.ini
C:\Users\michl\AppData\Roaming\CamShapes.ini
C:\ProgramData\eqqol.pad
C:\ProgramData\rjoof.pad


Some content of TEMP:
====================
C:\Users\michl\AppData\Local\Temp\Quarantine.exe
C:\Users\michl\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-10-15 22:28] - [2014-07-17 03:07] - 0455168 ____A (Microsoft Corporation) 8CEBD9D0A0A879CDE9F36F4383B7CAEA

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-11-10 13:17

==================== End Of Log ============================
         


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by michl at 2014-11-14 14:41:31
Running from I:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4Free Video Converter 2 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acronis*True*Image*Home (x32 Version: 12.0.9769.15)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Flash Player 15 ActiveX (x32 Version: 15.0.0.223)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe InDesign CS6 (x32 Version: 8.0)
Adobe Reader 64-bit fixes
Adobe Reader XI (11.0.09) - Deutsch (x32 Version: 11.0.09)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD AVIVO64 Codecs (Version: 11.6.0.10728)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apowersoft Free Screen Recorder V1.1.5 (x32 Version: 1.1.5)
ArcSoft Portrait+ 3 (x32 Version: 3.0.0.369)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0)
Auto FX Free (Version: 1.00.0000)
Bluetooth Win7 Suite (64) (Version: 7.2.0.40)
calibre 64bit (Version: 0.9.24)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.19)
CDBurnerXP (x32 Version: 4.5.3.4746)
CGS17_Setup_x64 (Version: 17.2)
ClipGrab 3.2.0.10 (x32)
Corel Graphics - Windows Shell Extension (Version: 17.2.0.688)
Corel Graphics - Windows Shell Extension (Version: 17.2.688)
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.2.688)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.1)
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2)
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2)
CorelDRAW Graphics Suite X4 (x32 Version: 14.2)
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0)
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0)
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0)
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.2)
CorelDRAW Graphics Suite X7 (64-Bit) (Version: 17.2.0.688)
CorelDRAW(R) Graphics Suite X4 - Extra Content (x32)
CorelDRAW(R) Graphics Suite X4 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Dual Package (x32 Version: 2.8)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Filter Forge Freepack 1 - Metals 2.013 (x32)
Filter Forge Freepack 2 - Photo Effects 2.013 (x32)
Filter Forge Freepack 3 - Frames 2.013 (x32)
Filter Forge Freepack 4 - Distortions 2.013 (x32)
Filter Forge Freepack 5 - Hearts 2.013 (x32)
Filter Forge Freepack 6 - Patterns 2.013 (x32)
FotoSketcher 2.42 (x32)
Free Video Dub version 2.0.21.827 (x32 Version: 2.0.21.827)
Free Video Editor version 1.4.4.904 (x32 Version: 1.4.4.904)
Freemake Video Converter Version 4.1.4 (x32 Version: 4.1.4)
FreeOCR v4.2 (x32)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64)
GML Matting 0.3 (x32 Version: 0.3)
Google Update Helper (x32 Version: 1.3.25.5)
GPL Ghostscript (Version: 9.07)
GPL Ghostscript (x32 Version: 9.07)
HDR Darkroom 6 Windows Version v1.0.0 (x32 Version: Windows Version v1.0.0)
HP Officejet 4620 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Officejet 4620 series Hilfe (x32 Version: 6.0.0)
HP Update (x32 Version: 5.003.003.001)
HydraVision (x32 Version: 4.2.210.0)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (x32 Version: 11.1.048)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
Internet Explorer (Enable DEP)
Java 7 Update 67 (x32 Version: 7.0.670)
Java 7 Update 71 (64-bit) (Version: 7.0.710)
Java 8 Update 25 (x32 Version: 8.0.250)
Java Auto Updater (x32 Version: 2.8.25.18)
JDownloader 2 (x32 Version: 2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 9.7.0 (Standard) (x32 Version: 9.7.0)
LibreOffice 4.2.4.2 (x32 Version: 4.2.4.2)
Malwarebytes Anti-Malware Version 2.0.3.1025 (x32 Version: 2.0.3.1025)
marvell 91xx driver (x32 Version: 1.0.0.1051)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4659.1001)
Microsoft Silverlight (Version: 5.1.30514.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0)
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2012 (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support  - Module linguistique Français (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (x32 Version: 11.0.51108)
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (x32 Version: 11.0.51108)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Moffsoft FreeCalc (x32 Version: 1.1)
Mozilla Firefox 12.0 (x86 de) (x32 Version: 12.0)
Mozilla Maintenance Service (x32 Version: 12.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NetObjects Fusion 11.0 (x32 Version: 11 German)
NetObjects Fusion 12.0 (x32 Version: 12 German)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041)
NetObjects Fusion 7 (x32)
NexusFont 2.5 (ver 2.5.7.1562) (x32)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108)
PC Inspector smart recovery (x32 Version: 4.50)
PDF Editor 4 (x32)
PDF Settings CS6 (x32 Version: 11.0)
PDF Split And Merge Basic (Version: 2.2.2)
PDF24 Creator 5.6.0 (x32)
Perfect Effects 4.0.1 (x32 Version: 4.0.1)
Photomatix Pro version 4.2.6 (Version: 4.2.6)
Radio.fx (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6235)
Rossmann Fotowelt Software 4.13 (x32 Version: 4.13)
SiSoftware Sandra Lite 2013.SP6 (Version: 19.66.2013.10)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Spyware Terminator 2012 (x32 Version: 3.0.0.82)
StreamTransport version: 1.0.2.2171 (x32)
swMSM (x32 Version: 12.0.0.1)
TreeSize Free V2.5 (x32 Version: 2.5)
Ulead GIF Animator 5 Test (x32)
Visual Basic for Applications (R) Core - English (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core - German (x32 Version: 6.4.99.69)
Visual Basic for Applications (R) Core (x32 Version: 6.4.99.69)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinMorph™ 3.01 (x32)
XAMPP (x32 Version: 1.8.2-3)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108)

==================== Restore Points  =========================

12-11-2014 07:28:16 Windows Update
13-11-2014 22:14:21 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010D9376-B8BB-4C81-A3DD-B305BD909091} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {145E6EF3-5AF5-4F53-BC26-B2248E50B69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {1ED4D5BB-2DE8-4734-A29A-7D05B143BE4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {52173030-3E6D-4671-A024-37E9CB707A13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {5E9522E0-31C4-42D4-B1F6-DE43455C8642} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {61502016-3CA5-4A14-9530-1395856C83D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe [2014-09-25] (Microsoft Corporation)
Task: {9249DFC4-E957-468E-85A7-3519398650D3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC => C:\Program Files\Microsoft Office 15\root\office15\msosync.exe [2014-09-16] (Microsoft Corporation)
Task: {970D6B3F-C05F-416D-A83E-523222E93C62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {D1D41673-0BFF-4BB6-8EE7-6A40AC4DF365} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-01-13 23:18 - 2011-05-20 12:26 - 00062976 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-01-13 23:18 - 2011-04-01 23:17 - 00003584 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2013-08-26 10:44 - 2013-06-03 12:06 - 09907712 _____ () D:\radio streams\Tobit Radio.fx\Client\TOBITCLT.dll
2013-08-26 10:44 - 2013-05-16 13:28 - 00242688 _____ () D:\radio streams\Tobit Radio.fx\Client\rfx-client$.ger
2012-01-13 23:18 - 2011-03-23 13:35 - 00059904 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Proxy32dll.dll
2014-06-18 22:36 - 2014-09-23 11:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-10-16 09:14 - 2014-10-16 09:14 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2012-01-13 22:54 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:054B9966
AlternateDataStreams: C:\Users\michl\Desktop\Preisgekrönte Webdesign-Software für unter 50 €.eml:OECustomProperty
AlternateDataStreams: C:\Users\michl\Documents\Herzkugel mit Ihrem Foto geschenkt zum Valentinstag.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60065519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60065519.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 02:30:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 02:22:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/14/2014 02:21:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 02:20:39 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (11/14/2014 02:30:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 02:22:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 16360.76 MB
Available physical RAM: 13888.82 MB
Total Pagefile: 32719.7 MB
Available Pagefile: 29808.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:10.35 GB) NTFS
Drive d: (Bilder) (Fixed) (Total:465.88 GB) (Free:13.91 GB) NTFS
Drive f: (Geschäft) (Fixed) (Total:298.83 GB) (Free:24.92 GB) NTFS
Drive g: (sicherung) (Fixed) (Total:97.66 GB) (Free:16.15 GB) NTFS
Drive h: (Volume) (Fixed) (Total:69.14 GB) (Free:0.62 GB) NTFS
Drive i: () (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 25836908)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: B0400252)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=299 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=69 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         

I had already noticed the Microsoft Visual Studio Tools under Programs because of the Russian letters. That is not mine. I deleted it from the programs.

Regards
mayer

@schrauber
Should I create any other file for your diagnosis?
Many thanks for taking care of this.
__________________

15.11.2014, 12:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
C:\Users\michl\AppData\Roaming\Camdata.ini
C:\Users\michl\AppData\Roaming\CamLayout.ini
C:\Users\michl\AppData\Roaming\CamShapes.ini
C:\ProgramData\eqqol.pad
C:\ProgramData\rjoof.pad
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Fix ("Entfernen") button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.




Now scan with FRST from the desktop again, but please use a new version.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.11.2014, 02:48   #5
mayer
 



Hello

many thanks for the help and the code cleanup.
The current FRST64 version now also ran at the desktop level.

Here are the requested files:

Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by SYSTEM at 2014-11-16 02:31:53 Run:3
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
C:\Users\michl\AppData\Roaming\Camdata.ini
C:\Users\michl\AppData\Roaming\CamLayout.ini
C:\Users\michl\AppData\Roaming\CamShapes.ini
C:\ProgramData\eqqol.pad
C:\ProgramData\rjoof.pad
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Users\michl\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\michl\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\michl\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\ProgramData\eqqol.pad => Moved successfully.
C:\ProgramData\rjoof.pad => Moved successfully.

==== End of Fixlog ====
         
and the current FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by michl (administrator) on MICHL-PC on 16-11-2014 02:37:23
Running from I:\
Loaded Profile: michl (Available profiles: michl)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() D:\radio streams\Tobit Radio.fx\Server\rfx-server.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Tobit.Software) D:\radio streams\Tobit Radio.fx\Client\rfx-tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(LG Electronics) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
() C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\SmartHookTestApp.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sdupd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377640 2009-05-15] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3681688 2014-05-13] (Crawler.com)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [360sd] => C:\PROGRAM FILES\360\360 INTERNET SECURITY\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4393112 2009-05-15] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962640 2009-05-15] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [rfxsrvtray] => d:\Radio Streams\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: E - E:\setup.exe /AUTORUN
HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\MountPoints2: {73b8dbca-35ab-11e1-b6f0-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk
ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB9D8949E4DD2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2836387523-2242442364-2255310912-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\abs@avira.com [2014-11-05]
FF Extension: Snap.Do  - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{444cfd05-5764-4bc4-8e89-417723e7621f} [2013-07-11]
FF Extension: DownloadHelper - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12]
FF Extension: Flash and Video Download - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-08-05]
FF Extension: printpdf - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\printpdf@pavlov.net.xpi [2014-03-10]
FF Extension: DownThemAll! - C:\Users\michl\AppData\Roaming\Mozilla\Firefox\Profiles\ub22013p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-01]

Chrome: 
=======
CHR Profile: C:\Users\michl\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\PROGRAM FILES\360\360 INTERNET SECURITY\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2436280 2014-09-25] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Radio.fx; d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\RpcAgentSrv.exe [71832 2008-10-02] (SiSoftware) [File not signed]
S3 scan; C:\PROGRAM FILES\360\360 INTERNET SECURITY\scan.dll [420424 2014-04-25] (S.C. BitDefender S.R.L)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1146304 2014-05-13] (Crawler.com)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19968 2011-02-11] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-02-04] (Windows (R) Win 7 DDK provider)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [1462304 2012-01-18] (Acronis)
S3 SANDRA; \??\C:\PROGRAM FILES\SISOFTWARE\SISOFTWARE SANDRA LITE 2013.SP4\WNT500X64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 02:33 - 2014-11-16 02:33 - 00000000 ___RD () C:\Users\michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-15 23:59 - 2014-11-15 23:59 - 00000362 _____ () C:\Users\michl\Desktop\Anti-Botnet-Beratungszentrum.website
2014-11-15 21:54 - 2014-11-15 21:54 - 00002029 _____ () C:\Users\michl\Desktop\Entfernen des Avira EU-Cleaners.lnk
2014-11-15 21:54 - 2014-11-15 21:54 - 00001973 _____ () C:\Users\michl\Desktop\Avira EU-Cleaner.lnk
2014-11-15 21:04 - 2014-11-15 21:05 - 00000000 ____D () C:\Users\michl\AppData\Local\{F2D778D8-DFFC-4C78-891A-5F3AEF8F17A8}
2014-11-14 23:46 - 2014-11-14 23:46 - 00000000 ____D () C:\Users\michl\AppData\Roaming\Tobit
2014-11-14 23:15 - 2014-11-14 23:15 - 00000000 ____D () C:\Users\michl\AppData\Local\{CC86A7AE-EA86-4FA8-8229-F5D907DC068F}
2014-11-14 17:39 - 2014-05-14 10:40 - 00022992 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\efimon.sys
2014-11-14 17:38 - 2014-11-16 02:36 - 00000000 ____D () C:\Users\michl\AppData\Roaming\360safe
2014-11-14 17:38 - 2014-11-14 17:41 - 00000000 ____D () C:\ProgramData\360SD
2014-11-14 17:38 - 2014-11-14 17:38 - 00000974 _____ () C:\Users\Public\Desktop\360 Internet Security.lnk
2014-11-14 17:38 - 2014-11-14 17:38 - 00000000 _RSHD () C:\360SANDBOX
2014-11-14 17:38 - 2014-11-14 17:38 - 00000000 ____D () C:\Users\michl\AppData\Roaming\360SD
2014-11-14 17:38 - 2014-11-14 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Internet Security
2014-11-14 17:38 - 2014-11-14 17:38 - 00000000 ____D () C:\Program Files\360
2014-11-14 17:38 - 2014-05-07 10:44 - 00304208 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360FsFlt.sys
2014-11-14 17:38 - 2014-04-29 07:20 - 00305744 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360Box64.sys
2014-11-14 17:38 - 2014-04-29 04:50 - 00041552 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360Camera64.sys
2014-11-14 17:38 - 2014-04-23 09:32 - 00067664 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360AvFlt.sys
2014-11-14 17:38 - 2014-04-21 07:38 - 00097872 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360AntiHacker64.sys
2014-11-14 17:38 - 2014-04-18 07:42 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2014-11-14 17:34 - 2014-11-16 02:36 - 00038896 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 17:32 - 2014-11-16 02:33 - 00011942 _____ () C:\Windows\PFRO.log
2014-11-14 17:32 - 2014-11-16 02:33 - 00000224 _____ () C:\Windows\setupact.log
2014-11-14 17:32 - 2014-11-14 17:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 17:26 - 2014-11-16 02:29 - 00000523 _____ () C:\Users\michl\Desktop\Log-Analyse und Auswertung - Trojaner-Board.website
2014-11-14 15:30 - 2014-11-14 15:33 - 151804352 _____ () C:\Users\michl\Downloads\avira_free_antivirus_de_14.0.7.342 2014.exe
2014-11-14 11:14 - 2014-11-14 11:14 - 00000000 ____D () C:\Users\michl\AppData\Local\{E14DEA36-CEE0-49ED-875E-91DB9E342F36}
2014-11-13 23:40 - 2014-11-13 23:40 - 00003128 _____ () C:\Windows\System32\Tasks\{E6AF3107-78B1-4731-B15D-A4299307ED7E}
2014-11-12 12:46 - 2014-11-12 12:46 - 00000000 __SHD () C:\Users\michl\AppData\Local\EmieBrowserModeList
2014-11-12 07:51 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 07:51 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 07:51 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 07:51 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 07:51 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 07:51 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 07:51 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 07:51 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 07:51 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 07:51 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 07:51 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 07:51 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 07:51 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 07:51 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 07:51 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 07:51 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 07:51 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 07:51 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 07:51 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 07:51 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 07:51 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 07:51 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 07:51 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 07:51 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 07:51 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 07:51 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 07:51 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 07:51 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 07:51 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 07:51 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 07:51 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 07:51 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 07:51 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 07:51 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 07:51 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 07:51 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 07:51 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 07:51 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 07:51 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 07:51 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 07:51 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 07:51 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:51 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:51 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:51 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 07:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 07:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 07:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 07:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 07:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 07:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:49 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 07:49 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:49 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:32 - 2014-11-16 02:34 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC
2014-11-10 19:18 - 2014-11-10 19:18 - 00010398 _____ () C:\Users\michl\Downloads\test.php
2014-11-10 19:10 - 2014-11-10 19:10 - 00000792 _____ () C:\Users\michl\Desktop\Nintendo Wii - Wode Jukebox Wii Optical Drive Emulator Umbau - 95,90€  Konsolenpapst.website
2014-11-10 02:19 - 2014-11-10 02:19 - 00000839 _____ () C:\Users\michl\Desktop\Simon Gruber GmbH & Co. KG in Ottobrunn bei München - Servicebetrieb-Smart, Vertragshändler-Mercedes-Benz, Servicebetrieb-BMW.website
2014-11-09 12:21 - 2014-11-09 12:21 - 00000000 ____D () C:\Windows\pss
2014-11-04 17:54 - 2014-11-04 17:54 - 00036471 _____ () C:\Users\michl\Downloads\carolus_regular.zip
2014-11-04 17:53 - 2014-11-04 17:53 - 00019206 _____ () C:\Users\michl\Downloads\ashleycapitalisofia_regular.zip
2014-11-04 17:51 - 2014-11-04 17:51 - 00015602 _____ () C:\Users\michl\Downloads\cm_regular.zip
2014-11-04 17:50 - 2014-11-04 17:50 - 01988348 _____ () C:\Users\michl\Downloads\andron_freefont_lat_regular.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00346586 _____ () C:\Users\michl\Downloads\TeX-Gyre-Termes.zip
2014-11-04 17:38 - 2014-11-04 17:38 - 00225119 _____ () C:\Users\michl\Downloads\merriweather.zip
2014-11-04 17:05 - 2014-11-04 17:05 - 00164184 _____ () C:\Users\michl\Downloads\overlock.zip
2014-11-03 17:27 - 2014-11-03 17:33 - 00000614 _____ () C:\Users\michl\Desktop\Color Explorer • Color Matching.website
2014-10-30 16:51 - 2014-10-30 16:51 - 03079920 _____ () C:\Users\michl\Downloads\decoration-elements.zip
2014-10-28 02:12 - 2014-10-28 02:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-27 16:49 - 2014-10-27 16:49 - 00000000 ____D () C:\Windows\ERUNT
2014-10-27 16:46 - 2014-11-14 09:51 - 00000000 ____D () C:\AdwCleaner
2014-10-27 16:45 - 2014-10-27 16:45 - 01706144 _____ (Thisisu) C:\Users\michl\Downloads\junkware removal tool.exe
2014-10-27 16:44 - 2014-10-27 16:44 - 01998336 _____ () C:\Users\michl\Downloads\AdwCleaner_4.002.exe
2014-10-27 14:50 - 2014-11-16 02:37 - 00000000 ____D () C:\FRST
2014-10-26 22:56 - 2014-10-26 22:56 - 04974864 _____ (Piriform Ltd) C:\Users\michl\Downloads\ccsetup419.exe
2014-10-26 22:51 - 2014-10-26 22:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-26 22:39 - 2014-10-26 22:39 - 00000593 _____ () C:\Users\michl\Desktop\PC-Notfallklinik • Virus BOO-Cidox.B.website
2014-10-26 18:36 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\michl\Downloads\TDSSKiller.exe
2014-10-26 18:33 - 2014-10-26 18:34 - 04161313 _____ () C:\Users\michl\Downloads\tdsskiller.zip
2014-10-26 01:06 - 2014-10-26 22:52 - 00000000 ___HD () C:\Users\michl\AppData\Roaming\1A828502
2014-10-24 23:39 - 2014-10-24 23:39 - 00000419 _____ () C:\Users\michl\Desktop\Wie verwende ich das Avira Rescue System.website
2014-10-20 16:44 - 2014-10-20 16:44 - 00000435 _____ () C:\Users\michl\Desktop\Paper Cutout Vectors, Photos and PSD files  Free Download.website

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 02:33 - 2014-04-16 00:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 02:33 - 2013-02-04 02:04 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-16 02:33 - 2012-01-13 23:06 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-11-16 02:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 02:29 - 2011-04-12 08:43 - 00717444 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 02:29 - 2011-04-12 08:43 - 00155004 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 02:29 - 2009-07-14 06:13 - 01656676 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 01:32 - 2014-04-16 00:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 00:32 - 2013-11-11 23:52 - 00000514 _____ () C:\Users\michl\Desktop\Zattoo -webTV.website
2014-11-15 21:51 - 2013-06-25 07:14 - 00000863 _____ () C:\Users\michl\Desktop\Abendzeitung München.website
2014-11-15 21:03 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 21:03 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 00:16 - 2013-04-21 16:40 - 00000318 _____ () C:\Users\michl\AppData\Roaming\FotoSketcher.ini
2014-11-14 23:46 - 2009-07-14 03:34 - 00000448 _____ () C:\Windows\win.ini
2014-11-14 23:39 - 2012-01-16 13:39 - 00000000 ____D () C:\Users\michl\Desktop\programme 2
2014-11-14 14:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-14 14:21 - 2014-07-23 12:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 23:34 - 2012-01-03 02:52 - 00000000 ____D () C:\Users\michl
2014-11-13 23:33 - 2014-08-30 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge Freepack 2 - Photo Effects
2014-11-13 23:33 - 2014-08-30 00:12 - 00000000 ____D () C:\Program Files (x86)\Filter Forge Freepack 2 - Photo Effects
2014-11-13 23:33 - 2014-05-22 22:36 - 00000000 ____D () C:\ProgramData\Protexis64
2014-11-13 23:33 - 2014-05-06 22:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 23:33 - 2013-02-04 02:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-13 23:33 - 2012-01-13 23:18 - 00000000 ____D () C:\ProgramData\InstallShield
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 23:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-13 22:20 - 2013-03-08 17:28 - 00000000 ____D () C:\Users\michl\AppData\Local\CrashDumps
2014-11-13 20:29 - 2014-05-02 12:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 20:29 - 2014-05-02 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 18:25 - 2013-11-04 01:27 - 00000631 _____ () C:\Users\michl\Desktop\LOTTO Bayern - Meine Daten.website
2014-11-13 17:29 - 2013-02-04 14:31 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-13 11:10 - 2014-05-22 21:54 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-11-12 08:32 - 2009-07-14 05:45 - 07968032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 08:30 - 2013-07-24 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 08:28 - 2013-02-05 19:19 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 00:23 - 2013-02-14 01:18 - 00454604 _____ () C:\Windows\FontData.fdb
2014-11-11 16:45 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2014-11-11 16:23 - 2014-08-24 17:11 - 00000559 _____ () C:\Users\michl\Desktop\freisteller  clipping Magic .website
2014-11-11 09:44 - 2012-01-16 17:19 - 00094363 _____ () C:\Users\michl\Desktop\offene2+++.txt
2014-11-10 15:05 - 2014-10-04 02:27 - 00000478 _____ () C:\Users\michl\Desktop\Download Facebook, Youtube Videos.website
2014-11-08 17:38 - 2012-01-18 14:12 - 00000000 ____D () C:\Users\michl\AppData\Roaming\FileZilla
2014-11-05 18:26 - 2012-01-03 03:14 - 00828784 _____ () C:\Users\michl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 16:58 - 2012-01-18 15:55 - 00000000 ____D () C:\Users\michl\AppData\Roaming\vlc
2014-11-04 00:13 - 2014-05-22 22:46 - 00000000 ____D () C:\Users\michl\Documents\Meine Paletten
2014-10-28 21:40 - 2013-02-07 14:08 - 00008674 _____ () C:\Users\michl\Desktop\bayern fußball2.txt
2014-10-27 16:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2014-10-27 16:04 - 2012-01-13 22:59 - 00000000 ____D () C:\Users\michl\Documents\Bluetooth Folder
2014-10-26 22:56 - 2013-02-04 01:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-26 22:56 - 2013-02-04 01:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 23:35 - 2013-05-16 22:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 23:28 - 2014-07-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-24 23:28 - 2014-07-23 12:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-24 23:28 - 2013-02-04 02:01 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-24 23:15 - 2013-06-17 06:57 - 00000000 ____D () C:\Users\Public\Documents\NetObjects Fusion 12.0
2014-10-24 00:49 - 2013-02-07 14:09 - 00000493 _____ () C:\Users\michl\Desktop\Wortschatz.website
2014-10-22 18:01 - 2013-05-22 23:24 - 00000000 ____D () C:\Users\michl\Documents\Benutzerdefinierte Office-Vorlagen
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 16:59 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU(20).TXT
2014-10-19 21:27 - 2014-04-16 00:58 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 21:27 - 2014-04-16 00:58 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\michl\AppData\Local\Temp\Quarantine.exe
C:\Users\michl\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 01:01

==================== End Of Log ============================
         


QUESTION:
How can this kind of intrusion, where "someone" gets onto the PC unnoticed by Avira Antivirus and carries out these blocks or sets up group policies, be prevented? With the Pro version and the real-time protection of Malwarebytes?


Have a nice Sunday
Thanks


16.11.2014, 19:35   #6
schrauber
/// the machine
/// TB trainer
 




I'm not a fan of Avira, and no AV can protect you if you aren't careful when surfing and installing.

Open FRST, tick the box for Addition, and please post only the Addition.txt.

17.11.2014, 15:28   #7
mayer

Program blocked by group policy



Hello

Current scans with the antivirus program, Malwarebytes, etc. returned no findings.

As requested, the Addition.txt follows below.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 03
Ran by michl at 2014-11-17 15:16:45
Running from I:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4902 - Qihu 360 Software Co., Ltd.)
4Free Video Converter 2 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis*True*Image*Home (HKLM-x32\...\{D1E0E859-F46D-4708-A41D-ED90C0C1822A}) (Version: 12.0.9769.15 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version:  - Leo Davidson / Pretentious Name)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{1701BD02-09B9-B25B-8290-C7D6A33C5A75}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apowersoft Free Screen Recorder V1.1.5 (HKLM-x32\...\{4EFA42DB-E4EC-4537-9DF3-5158D08A9785}_is1) (Version: 1.1.5 - Apowersoft)
ArcSoft Portrait+ 3 (HKLM-x32\...\{C42CE1B5-A119-4AF3-B0EB-4E739192B584}) (Version: 3.0.0.369 - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Auto FX Free (HKLM\...\{2F46CB46-5E2B-414D-882C-F8F51FF30C01}) (Version: 1.00.0000 - Auto FX Software)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
calibre 64bit (HKLM\...\{4B1D5077-539A-44BA-BDB8-A2A46B5EE038}) (Version: 0.9.24 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
CGS17_Setup_x64 (Version: 17.2 - Corel Corporation) Hidden
ClipGrab 3.2.0.10 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Corel Graphics - Windows Shell Extension (HKLM\...\_{78FFFA60-B301-4897-8054-D5D0CD5A6AE0}) (Version: 17.2.0.688 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.2.688 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.2.688 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.2 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.2.0.688 - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Extra Content (HKLM-x32\...\_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dual Package (HKLM-x32\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.8 - LG Soft India Pvt Ltd)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Filter Forge Freepack 1 - Metals 2.013 (HKLM-x32\...\Filter Forge Freepack 1 - Metals_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 3 - Frames 2.013 (HKLM-x32\...\Filter Forge Freepack 3 - Frames_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 5 - Hearts 2.013 (HKLM-x32\...\Filter Forge Freepack 5 - Hearts_is1) (Version:  - Filter Forge, Inc.)
Filter Forge Freepack 6 - Patterns 2.013 (HKLM-x32\...\Filter Forge Freepack 6 - Patterns_is1) (Version:  - Filter Forge, Inc.)
FotoSketcher 2.42 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.4.904 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.4.904 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HDR Darkroom 6 Windows Version v1.0.0 (HKLM-x32\...\HDR Darkroom 6) (Version: Windows Version v1.0.0 - HengTu, Inc.)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetObjects Fusion 11.0 (HKLM-x32\...\{A4D8369D-F5C6-403F-933C-53CA34062C2A}) (Version: 11 German - )
NetObjects Fusion 12.0 (HKLM-x32\...\{3A6E58D0-765B-4820-A01F-D7055B8CA9DA}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
NetObjects Fusion 7 (HKLM-x32\...\NetObjects Fusion 7) (Version:  - )
NexusFont 2.5 (ver 2.5.7.1562) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Editor 4 (HKLM-x32\...\PDF Editor 4) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Perfect Effects 4.0.1 (HKLM-x32\...\{385E6A4D-A440-43E2-9BAF-A012FB5FC2E2}) (Version: 4.0.1 - onOne Software)
Photomatix Pro version 4.2.6 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.6 - HDRsoft Ltd)
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
SiSoftware Sandra Lite 2013.SP6 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.66.2013.10 - SiSoftware)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TreeSize Free V2.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.5 - JAM Software)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2836387523-2242442364-2255310912-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinMorph™ 3.01 (HKLM-x32\...\WinMorph_is1) (Version:  - Satish Kumar)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-3 - BitNami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-11-2014 22:58:57 Avira EU-Cleaner - 15.11.2014 23:58
16-11-2014 02:00:12 punkt16112014
17-11-2014 09:12:21 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {145E6EF3-5AF5-4F53-BC26-B2248E50B69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {1ED4D5BB-2DE8-4734-A29A-7D05B143BE4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {52173030-3E6D-4671-A024-37E9CB707A13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {5E9522E0-31C4-42D4-B1F6-DE43455C8642} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {61502016-3CA5-4A14-9530-1395856C83D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {9249DFC4-E957-468E-85A7-3519398650D3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for michl-PC-michl michl-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {970D6B3F-C05F-416D-A83E-523222E93C62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {D1D41673-0BFF-4BB6-8EE7-6A40AC4DF365} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 09:09 - 2011-06-22 09:09 - 00034304 _____ () C:\Windows\System32\ssp5ml6.dll
2014-03-12 09:15 - 2014-05-20 08:19 - 00105640 _____ () C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\ApiClient.dll
2013-07-05 14:53 - 2013-06-03 12:06 - 03999512 _____ () D:\RADIO STREAMS\TOBIT RADIO.FX\SERVER\RFX-SERVER.EXE
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-01-13 23:18 - 2011-05-20 12:26 - 00062976 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\MouseHook.dll
2012-01-13 23:18 - 2011-04-01 23:17 - 00003584 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\GerRes.dll
2012-01-13 23:18 - 2011-04-20 17:10 - 00024576 _____ () C:\PROGRAM FILES (X86)\LG SOFT INDIA PVT LTD\DUAL PACKAGE\BIN\TESTDDCCI.EXE
2013-07-05 14:53 - 2013-06-03 12:06 - 03999512 _____ () d:\Radio Streams\Tobit Radio.fx\Server\rfx-server.exe
2013-08-26 10:44 - 2013-06-03 12:06 - 09907712 _____ () D:\radio streams\Tobit Radio.fx\Client\TOBITCLT.dll
2013-08-26 10:44 - 2013-05-16 13:28 - 00242688 _____ () D:\radio streams\Tobit Radio.fx\Client\rfx-client$.ger
2012-01-13 23:18 - 2011-04-20 17:10 - 00024576 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
2012-01-13 23:18 - 2011-03-23 13:35 - 00059904 _____ () C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Proxy32dll.dll
2014-10-16 09:14 - 2014-10-16 09:14 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2012-01-13 22:54 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:054B9966
AlternateDataStreams: C:\Users\michl\Desktop\Preisgekrönte Webdesign-Software für unter 50 €.eml:OECustomProperty
AlternateDataStreams: C:\Users\michl\Documents\Herzkugel mit Ihrem Foto geschenkt zum Valentinstag.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60065519.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48306945.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60065519.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sdbinst.lnk => C:\Windows\pss\sdbinst.lnk.Startup
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2836387523-2242442364-2255310912-500 - Administrator - Disabled)
Gast (S-1-5-21-2836387523-2242442364-2255310912-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2836387523-2242442364-2255310912-1002 - Limited - Enabled)
michl (S-1-5-21-2836387523-2242442364-2255310912-1000 - Administrator - Enabled) => C:\Users\michl

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 02:08:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 11:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 10:16:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 10:11:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 730

Startzeit: 01d002398e6eb067

Endzeit: 54

Anwendungspfad: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Berichts-ID:

Error: (11/17/2014 08:36:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: virtualStudio.exe, Version: 1.0.0.43, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: virtualStudio.exe, Version: 1.0.0.43, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001f40
ID des fehlerhaften Prozesses: 0x1678
Startzeit der fehlerhaften Anwendung: 0xvirtualStudio.exe0
Pfad der fehlerhaften Anwendung: virtualStudio.exe1
Pfad des fehlerhaften Moduls: virtualStudio.exe2
Berichtskennung: virtualStudio.exe3

Error: (11/17/2014 08:33:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: virtualStudio.exe, Version: 1.0.0.43, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: virtualStudio.exe, Version: 1.0.0.43, Zeitstempel: 0x2a425e19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001f40
ID des fehlerhaften Prozesses: 0x1314
Startzeit der fehlerhaften Anwendung: 0xvirtualStudio.exe0
Pfad der fehlerhaften Anwendung: virtualStudio.exe1
Pfad des fehlerhaften Moduls: virtualStudio.exe2
Berichtskennung: virtualStudio.exe3

Error: (11/17/2014 07:35:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 10:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:07:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 02:35:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/17/2014 00:19:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/17/2014 08:41:51 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/17/2014 08:41:51 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/15/2014 10:20:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/15/2014 10:20:25 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (11/14/2014 05:32:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/14/2014 05:32:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/14/2014 05:32:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (11/14/2014 05:28:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (11/14/2014 05:27:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (11/17/2014 02:08:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 11:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 10:16:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 10:11:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1742073001d002398e6eb06754C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Error: (11/17/2014 08:36:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: virtualStudio.exe1.0.0.432a425e19virtualStudio.exe1.0.0.432a425e19c000000500001f40167801d00239344317e7C:\Program Files (x86)\virtualStudio\virtualStudio.exeC:\Program Files (x86)\virtualStudio\virtualStudio.exe7bbefac6-6e2c-11e4-a84d-5404a66ab516

Error: (11/17/2014 08:33:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: virtualStudio.exe1.0.0.432a425e19virtualStudio.exe1.0.0.432a425e19c000000500001f40131401d00238585d7012C:\Program Files (x86)\virtualStudio\virtualStudio.exeC:\Program Files (x86)\virtualStudio\virtualStudio.exef9daf4a2-6e2b-11e4-a84d-5404a66ab516

Error: (11/17/2014 07:35:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 10:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:07:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 02:35:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 16360.76 MB
Available physical RAM: 13301.16 MB
Total Pagefile: 32719.7 MB
Available Pagefile: 29154.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:10.6 GB) NTFS
Drive d: (Bilder) (Fixed) (Total:465.88 GB) (Free:15.19 GB) NTFS
Drive f: (Geschäft) (Fixed) (Total:298.83 GB) (Free:24.39 GB) NTFS
Drive g: (sicherung) (Fixed) (Total:97.66 GB) (Free:18.19 GB) NTFS
Drive h: (Volume) (Fixed) (Total:69.14 GB) (Free:0.62 GB) NTFS
Drive i: () (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 25836908)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B0400252)
Partition 1: (Active) - (Size=465.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=69.1 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 40E1947A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================
         

Many thanks for the help.
At the moment everything seems to be running smoothly again.
Looking at this board and at other reports and requests for help on the net, there currently seem to be more problems with Trojans. And these are problems that a layperson cannot simply unlock or delete with a tool.
Is that impression mistaken?

Many thanks for your help and your commitment to the Trojaner-Board.

Regards
mayer

18.11.2014, 09:41   #8
schrauber
/// the machine
/// TB trainer
 


I wouldn't say more than usual.

Normal, as always. You just shouldn't believe that an AV program takes care of everything.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-Virus Software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails from senders you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
