Bluescren - Polizeiwarnung - Ultrabook startet nur noch bis Lenovo-Symbol

sugus666 · 08.10.2014, 15:27

guten Tag

ich bin fasst am verzweifeln!

Ich recherchierte heute intensiv mit meinem Notebook. Als ich nach einer kurzen Pause an meinen Arbeitsplatz zurück kam, waren mehrere Pages offen.Ich wollte diese Fenster schließen, als sich eine neue Seite öffnete mit dem Inhalt: WARNUNG!!! POLIZEI!!!! Ihr Browser wurde gesperrt und all ihre Daten verschlüsselt.

Folgendes habe ich im Einsatz

Lenovo YOGA 2 Pro / Windows 8.1 / u.a. AVIRA

Aktuell schreibe ich Ihnen mit einem Uralt-PC (XP)

Herzlichen Dank für Ihre geschätzte Unterstützung
susus666

Nachtrag: Ich habe es mittlerweilegeschaft, das UB via USB zu starten. Aktuell versuche ich meine aktuellen Arbeiten zu sichern. Danach werde ich das UB nochmals booten - who knows wei das Verhalten dann ist ...!!

schrauber · 08.10.2014, 16:17

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

sugus666 · 08.10.2014, 16:39

lieber 'Schrauber'
danke für deine rasche Antwort. Im Anhang die gewünschten Anhänge ... ich hoffe mein Post ist so richtig...

Gruss
sugus666

schrauber · 09.10.2014, 10:52

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

sugus666 · 09.10.2014, 11:15

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Marcel (administrator) on SUGUS on 08-10-2014 17:30:58
Running from F:\90 Daten Systemordner\Downloads_sys
Loaded Profile: Marcel (Available profiles: Marcel & Administrator)
Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Learnpulse) C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-28] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-28] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-09-29] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [7503792 2014-02-27] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2322944 2014-04-08] (FileZilla Project)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [Screenpresso] => C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [10983952 2014-09-22] (Learnpulse)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-29] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-29] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe (Docking Station)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.bat ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=55&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=58&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=58&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&q={searchTerms}&SSPV=
SearchScopes: HKCU - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/00%20A%20Temp/001%20USB%20DOking/launch.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=55&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: Avira Savings Advisor - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\ciuvo-extension@avira.de [2014-05-04]
FF Extension: Xmarks - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\foxmarks@kei.com [2014-09-17]
FF Extension: Avira SafeSearch - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\safesearch@avira.com [2014-09-29]
FF Extension: My Swisscom Assistant - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2014-05-15]
FF Extension: Tab Mix Plus - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-09-06]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3014616 2014-09-29] (Client Connect LTD)
R2 Crypkey License; C:\windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-04] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-28] (Lenovo)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-08] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-03-28] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-03-28] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-09-29] (Copyright 2013 SAMSUNG)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-28] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-07] ()
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 qzozigbn; C:\Windows\System32\Drivers\qzozigbn.sys [423240 2014-05-07] (AVAST Software)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 sidtohjv; C:\Windows\System32\Drivers\sidtohjv.sys [423240 2014-05-04] (AVAST Software)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527928 2013-08-23] (Sunplus)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 17:30 - 2014-10-08 17:31 - 00000000 ____D () C:\FRST
2014-10-03 11:30 - 2014-10-03 17:10 - 00000000 ____D () C:\Program Files\Q-Dir
2014-10-03 11:19 - 2014-10-03 11:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\GHISLER
2014-10-03 11:17 - 2014-10-03 11:17 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\GHISLER
2014-10-03 09:03 - 2014-10-03 09:18 - 00000004 _____ () C:\windows\vx86036.dat
2014-10-03 09:03 - 2014-10-03 09:13 - 00000260 _____ () C:\CKINFO.TXT
2014-10-03 09:03 - 2014-10-03 09:03 - 00000000 ____D () C:\ProgramData\CrypKey
2014-10-03 09:02 - 2014-10-08 16:42 - 00035907 _____ () C:\windows\errord.log
2014-10-03 09:02 - 2014-10-08 16:42 - 00000248 _____ () C:\windows\error.log
2014-10-03 09:02 - 2014-10-03 09:18 - 00003360 _____ () C:\windows\system32\esnecil.ind
2014-10-03 09:02 - 2014-10-03 09:18 - 00000127 _____ () C:\windows\Crypkey.ini
2014-10-03 09:02 - 2014-10-03 09:18 - 00000000 ____D () C:\Program Files\Stellar Phoenix Outlook PST Repair
2014-10-03 09:02 - 2008-05-08 01:29 - 00122880 _____ (CrypKey (Canada) Ltd.) C:\windows\system32\Crypserv.exe
2014-10-03 09:02 - 2008-03-17 19:12 - 00028664 _____ () C:\windows\system32\Ckldrv.sys
2014-10-03 09:02 - 1999-06-18 22:49 - 00165888 _____ (Kenonic Controls) C:\windows\Ckconfig.exe
2014-10-03 09:02 - 1996-05-03 18:21 - 00027648 ____R () C:\windows\Setup_ck.exe
2014-10-03 09:02 - 1996-05-03 16:36 - 00018432 _____ () C:\windows\Setup_ck.dll
2014-10-03 09:02 - 1995-07-04 19:33 - 00011776 _____ () C:\windows\Ckrfresh.exe
2014-10-03 08:57 - 2014-10-03 08:58 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Systweak
2014-10-03 08:57 - 2012-12-10 12:01 - 00019896 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2014-10-02 18:42 - 2014-10-02 18:42 - 00003974 _____ () C:\windows\System32\Tasks\4Team updater
2014-10-02 18:41 - 2014-10-03 16:56 - 00000000 ____D () C:\Program Files (x86)\4Team Corporation
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\4Team
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\IsolatedStorage
2014-10-02 09:40 - 2014-10-02 09:40 - 00000000 ____D () C:\Neuer Ordner
2014-10-01 09:42 - 2014-10-08 14:57 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\FileZilla
2014-09-26 15:41 - 2014-09-30 08:40 - 00000000 ____D () C:\Users\Marcel\Tracing
2014-09-26 15:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-09-26 15:39 - 2014-09-26 15:39 - 00002242 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00000196 _____ () C:\windows\DirectX.log
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-26 15:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-09-26 15:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-09-26 15:38 - 2014-09-30 08:54 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Windows Live
2014-09-25 13:13 - 2014-10-08 16:50 - 00003718 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-09-25 13:13 - 2014-09-25 13:13 - 00003476 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 17:16 - 2014-09-24 17:16 - 00000000 ____D () C:\Users\Marcel\AppData\Local\FreemakeVideoDownloader
2014-09-17 19:25 - 2014-09-17 19:25 - 00000000 ____D () C:\ProgramData\374311380
2014-09-17 19:14 - 2014-09-17 19:25 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-09-17 19:14 - 2014-09-17 19:14 - 00000955 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-16 09:11 - 2014-09-16 09:11 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iPod
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 08:43 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-15 08:43 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-09-15 08:43 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-15 08:43 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-09-15 08:43 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-09-15 08:43 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-09-15 08:43 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-15 08:43 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-15 08:43 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-15 08:43 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-09-15 08:43 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-09-15 08:43 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-15 08:43 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-15 08:43 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-09-15 08:43 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-15 08:43 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-15 08:43 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-09-15 08:43 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-15 08:43 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-15 08:43 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-09-15 08:43 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-09-15 08:43 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-15 08:43 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-09-15 08:43 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-15 08:43 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-15 08:43 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-09-15 08:43 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-09-15 08:43 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-09-15 08:43 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-09-15 08:43 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-09-15 08:43 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-15 08:43 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-09-15 08:43 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-09-15 08:43 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-09-15 08:43 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-09-15 08:43 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-09-15 08:43 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-09-15 08:43 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-15 08:43 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-09-15 08:43 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-09-15 08:43 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-09-15 08:43 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-09-15 08:43 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-09-15 08:43 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-15 08:43 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-09-15 08:43 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-09-15 08:43 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-09-15 08:43 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-09-15 08:43 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-15 08:43 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-15 08:43 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-09-15 08:43 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-15 08:43 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-15 08:43 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-15 08:43 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-09-15 08:43 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-09-15 08:43 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-09-15 08:43 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-15 08:43 - 2014-07-10 01:19 - 00387391 _____ () C:\windows\system32\ApnDatabase.xml
2014-09-15 08:43 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-15 08:43 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-09-15 08:43 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-09-15 08:43 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-15 08:43 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-09-15 08:43 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-09-15 08:43 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-15 08:43 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-09-15 08:43 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-15 08:43 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-15 08:43 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-15 08:43 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-15 08:43 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-15 08:43 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-09-15 08:43 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-09-15 08:43 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-09-15 08:43 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-09-15 08:43 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-09-15 08:43 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-09-15 08:43 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-09-15 08:43 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-15 08:43 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-15 08:37 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-15 08:37 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-09-15 08:37 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-15 08:37 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-15 08:37 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-15 08:37 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-09-15 08:37 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-15 08:37 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-15 08:37 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-09-15 08:37 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\tcpmon.dll
2014-09-10 16:49 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-09-10 16:49 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 16:49 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:53 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 15:53 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 15:53 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 15:53 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 15:53 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 15:53 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 15:53 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 15:53 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 15:53 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 15:53 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:53 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 15:53 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:53 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 15:53 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 15:53 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 15:53 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 15:53 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 15:53 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 15:53 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 15:53 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 15:53 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 15:53 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:53 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 15:53 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 15:53 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 15:53 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 15:53 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 15:53 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 15:53 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 15:53 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 15:53 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 15:53 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 15:17 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-10 15:17 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:17 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 17:24 - 2014-04-22 15:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3121602427-3534730855-1075997385-1001
2014-10-08 17:00 - 2014-03-28 08:34 - 01685567 _____ () C:\windows\WindowsUpdate.log
2014-10-08 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-08 16:56 - 2014-04-29 09:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 16:50 - 2014-03-28 09:27 - 00898466 _____ () C:\windows\system32\perfh00C.dat
2014-10-08 16:50 - 2014-03-28 09:27 - 00220728 _____ () C:\windows\system32\perfc00C.dat
2014-10-08 16:50 - 2014-03-28 09:24 - 00943060 _____ () C:\windows\system32\perfh007.dat
2014-10-08 16:50 - 2014-03-28 09:24 - 00222122 _____ () C:\windows\system32\perfc007.dat
2014-10-08 16:50 - 2013-10-07 20:27 - 00005682 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-08 16:45 - 2014-04-22 15:14 - 00000000 ___DO () C:\Users\Marcel\SkyDrive
2014-10-08 16:43 - 2013-08-22 16:46 - 00033998 _____ () C:\windows\setupact.log
2014-10-08 16:42 - 2014-04-22 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-08 16:42 - 2013-10-07 20:23 - 00137906 _____ () C:\windows\PFRO.log
2014-10-08 16:42 - 2013-08-22 16:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-08 16:42 - 2013-08-22 16:44 - 00499656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-08 14:30 - 2014-04-22 15:38 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F5291F67-CB16-4602-A1AA-B673A0FBD3F7}
2014-10-08 13:26 - 2014-04-22 19:56 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-10-08 10:18 - 2014-04-30 12:43 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-10-07 09:59 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-05 17:00 - 2014-03-28 08:55 - 00008704 _____ () C:\windows\system32\VfService.trf
2014-10-05 15:12 - 2014-04-29 10:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc
2014-10-05 13:23 - 2014-06-19 14:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\SmartDraw
2014-10-05 10:09 - 2014-08-08 08:06 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-05 10:09 - 2014-05-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-05 10:09 - 2014-05-04 19:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-05 10:09 - 2014-03-28 08:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-03 19:44 - 2014-04-22 16:42 - 00022393 _____ () C:\windows\Q-Dir.ini
2014-10-03 16:56 - 2014-04-20 09:09 - 00000000 ____D () C:\MADProg
2014-10-03 16:56 - 2014-04-20 09:08 - 00000000 ____D () C:\MADDaten
2014-10-03 11:32 - 2014-04-22 16:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Q-Dir
2014-10-02 18:40 - 2014-03-28 08:55 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-10-01 19:56 - 2014-09-06 07:49 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-10-01 13:57 - 2014-05-05 08:09 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-01 13:57 - 2014-05-04 19:20 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-01 13:57 - 2014-05-04 19:20 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-01 07:58 - 2014-08-30 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-30 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-26 15:41 - 2014-04-22 15:08 - 00000000 ____D () C:\Users\Marcel
2014-09-26 13:19 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\rescache
2014-09-26 10:26 - 2013-08-22 17:20 - 00000000 ____D () C:\windows\CbsTemp
2014-09-25 17:44 - 2014-04-22 17:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Nitro PDF
2014-09-25 13:13 - 2014-03-28 08:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-22 09:07 - 2014-04-22 16:37 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 19:14 - 2014-09-06 07:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\RHEng
2014-09-17 19:14 - 2014-04-29 14:34 - 00000967 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-17 19:14 - 2014-04-29 14:34 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-15 14:47 - 2013-08-22 15:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-09-15 14:46 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ToastData
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\WinStore
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\setup
2014-09-15 14:46 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\oobe
2014-09-10 19:49 - 2014-07-09 18:28 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 19:48 - 2014-04-28 20:40 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 19:48 - 2014-04-22 17:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:47 - 2014-04-28 20:40 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 15:53 - 2014-06-11 16:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 15:53 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 15:53 - 2014-04-28 20:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 15:53 - 2014-04-28 20:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 08:00 - 2014-07-08 18:39 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 08:00 - 2014-04-29 09:31 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\dlLogic.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.10.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe
C:\Users\Marcel\AppData\Local\Temp\GCVerifier.dll
C:\Users\Marcel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Marcel\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Screenpresso.exe
C:\Users\Marcel\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Marcel\AppData\Local\Temp\ms.exe
C:\Users\Marcel\AppData\Local\Temp\msvcr71.dll
C:\Users\Marcel\AppData\Local\Temp\MySwisscomAssistant_Setup.exe
C:\Users\Marcel\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Marcel\AppData\Local\Temp\nsb3E39.exe
C:\Users\Marcel\AppData\Local\Temp\nsd3407.exe
C:\Users\Marcel\AppData\Local\Temp\nsf231B.exe
C:\Users\Marcel\AppData\Local\Temp\nsf37F0.exe
C:\Users\Marcel\AppData\Local\Temp\nsm25AD.exe
C:\Users\Marcel\AppData\Local\Temp\nsoE6A.exe
C:\Users\Marcel\AppData\Local\Temp\nsq89F0.exe
C:\Users\Marcel\AppData\Local\Temp\nss4109.exe
C:\Users\Marcel\AppData\Local\Temp\nsu1149.exe
C:\Users\Marcel\AppData\Local\Temp\optprosetup.exe
C:\Users\Marcel\AppData\Local\Temp\Q-Dir_uninstall.exe
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcel\AppData\Local\Temp\safepstbackup_1_00.exe
C:\Users\Marcel\AppData\Local\Temp\SamsungAPInstaller_1412143055024.exe
C:\Users\Marcel\AppData\Local\Temp\ScreenpressoUpd.exe
C:\Users\Marcel\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Marcel\AppData\Local\Temp\spstub.exe
C:\Users\Marcel\AppData\Local\Temp\verifier.exe
C:\Users\Marcel\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-05 13:15

==================== End Of Log ============================

--- --- ---

--- --- ---

sugus666 · 09.10.2014, 11:17

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Marcel at 2014-10-08 17:31:28
Running from F:\90 Daten Systemordner\Downloads_sys
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM-x32\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.6.5 - ASUS)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9440CN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.30.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.51 - Lenovo)
Energy Manager (x32 Version: 1.0.1.51 - Lenovo) Hidden
eTax.zug 2013 jP 1.0.0 (HKLM-x32\...\9994-2633-2807-7220) (Version: 1.0.0 - Information Factory AG)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.44 - FileZilla Project)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
ICP Basis 7.00 (HKLM-x32\...\ICP Basis 7.00) (Version:  - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.05.3000.0599 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1c7272f2-45cf-469f-b7e9-17c6b212549c}) (Version: 16.5.3 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.35 - SunplusIT)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{0D740B00-2307-44AC-B91B-F3E67444ECA6}) (Version: 2.0.1.0107 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.1.0107 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.12271 - Lenovo)
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Project Standard 2002 (HKLM-x32\...\{903A0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2915.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Swisscom Assistant (HKLM-x32\...\My Swisscom Assistant) (Version: 1.1.0.71 - Swisscom (Schweiz) AG)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.1 - Notepad++ Team)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Private Tax 2013 1.4.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.4.0 - Information Factory AG)
Q-Dir (HKLM\...\Q-Dir) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Samsung Link 2.0.0.1409291832 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1409291832 - Copyright 2013 SAMSUNG)
Screenpresso (HKCU\...\Screenpresso) (Version: 1.5.2.0 - Learnpulse)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.25.52 - Client Connect LTD) <==== ATTENTION
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Snapform Viewer 1.7.36 (HKLM\...\2841-5017-1617-4151) (Version: 1.7.36 - Ringler Informatik AG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.7 - Synaptics Incorporated)
ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft en-us Dictionary (Version: 16.1.924.1 - Microsoft Corporation) Hidden
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WHS ProStation (HKCU\...\InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}) (Version: 2.38.56.10.2 - WH SELFINVEST)
WHS ProStation (x32 Version: 2.38.56.10.2 - WH SELFINVEST) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FA5F244-9468-D082-1262-D4EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5FB02946-9468-D082-10B9-C1AE85889A47} No File
CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3121602427-3534730855-1075997385-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

02-10-2014 16:41:05 Installed 4Team Safe PST Backup Free Edition.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04232B5E-E0AC-4061-BED7-2DB835B4BAE2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {114B555B-6E44-421B-90EC-509925C4578F} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {11CF1733-D8D7-4871-9BB3-A8BBE91DE674} - System32\Tasks\MsgUpdateCheck (ed5bac9b-5ca0-4f99-aa46-a881a08ff6f3) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-04-30] (MarkedUp Inc)
Task: {19676596-235C-492C-9BBD-B736CE6B4742} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2DAB1B69-C85F-42A2-A48E-422D2098AD27} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {47DAC2D1-53B1-4FA7-BBF0-C85625213A6A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A43190F-D283-4BB8-BEF5-86B2DB9FC4F4} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5177C064-CC6E-4D71-BE7A-B42FA270C361} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AB1569F-4369-4546-88C8-735FD098A9AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {74EAEBD2-C829-4716-8089-1355EFA5D9EB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79A937C3-5C94-4168-8180-CE1A5CFF2A6F} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
Task: {7BA762F4-A324-42D5-8657-FF70FD0439B1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {945A01A3-31C7-48BE-ADA2-064B92034779} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AB1B2D4F-AD1B-4388-807F-BA561CDE4FD9} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-03-28] (Lenovo)
Task: {C71A6436-7370-460F-864E-09FE1370A395} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {C955C6CF-08F3-4793-8686-B26787C41B65} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {CD89B46E-816E-4B02-A703-1EF419CC48DE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F97DB1F3-B11D-48E1-B038-8906E0AA1B7E} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {FFA9A996-FEC2-420E-8B15-7FB5F295BCF6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-29] (Synaptics Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-02 02:31 - 2013-08-02 02:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 02:31 - 2013-08-02 02:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-28 08:55 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-30 09:15 - 2014-09-29 18:32 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-08-30 09:15 - 2014-09-29 18:32 - 02633728 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-08-30 09:15 - 2014-09-29 18:32 - 02540544 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\windows\SYSTEM32\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\windows\SYSTEM32\ContentDirectoryPresenter64.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\windows\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\windows\SYSTEM32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\windows\SYSTEM32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\windows\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
2014-08-30 09:16 - 2014-08-30 09:16 - 00669696 _____ () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll
2014-08-30 09:15 - 2014-09-29 18:32 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2014-08-30 09:15 - 2014-09-29 18:32 - 00500224 _____ () C:\Program Files\Samsung\Samsung Link\utils\MetaExtractorDLL.dll
2014-04-22 20:23 - 2005-04-22 13:36 - 00143360 ____N () C:\windows\system32\BrSNMP64.dll
2014-03-28 08:55 - 2014-03-28 08:55 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-03-28 08:55 - 2014-03-28 08:55 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-03-28 08:55 - 2014-03-28 08:55 - 00062224 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-03-28 08:53 - 2014-01-07 00:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-03-28 08:55 - 2014-03-28 08:55 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-28 08:39 - 2013-08-08 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-28 08:55 - 2014-03-28 08:55 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-09-25 09:57 - 2014-09-25 09:57 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Marcel\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "AutoStartTransition"
HKLM\...\StartupApproved\Run32: => "Yoga Picks"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKLM\...\StartupApproved\Run32: => "My Swisscom Assistant"
HKCU\...\StartupApproved\Run: => "AshSnap"

========================= Accounts: ==========================

Administrator (S-1-5-21-3121602427-3534730855-1075997385-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3121602427-3534730855-1075997385-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3121602427-3534730855-1075997385-1003 - Limited - Enabled)
Marcel (S-1-5-21-3121602427-3534730855-1075997385-1001 - Administrator - Enabled) => C:\Users\Marcel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 04:50:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/08/2014 04:50:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/08/2014 04:50:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/08/2014 04:50:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/08/2014 03:09:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CProcess::GetProcessFullName   Unable to get the image full name for the process( ID=44564), GLE=31.

Error: (10/08/2014 03:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215f6c5
Name des fehlerhaften Moduls: VfCredProv.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519ca83b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000031a8
ID des fehlerhaften Prozesses: 0x606c
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (10/08/2014 03:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 98984

Error: (10/08/2014 03:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 98984

Error: (10/08/2014 03:06:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2014 00:31:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE_DRV" wurde aufgrund eines Fehlers nicht optimiert: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (10/08/2014 04:42:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎10.‎2014 um 15:49:06 unerwartet heruntergefahren.

Error: (10/08/2014 02:58:39 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Lenovo USB Ethernet, {EDFB1538-F0E0-4E62-A777-AE89F68F8592}" ist das Ereignis "73" aufgetreten.

Error: (10/08/2014 00:25:33 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR20 gefunden.

Error: (10/08/2014 08:26:10 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 08:36:37 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 08:36:36 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 08:36:36 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 08:36:36 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 08:36:36 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR19 gefunden.

Error: (10/07/2014 04:51:53 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Lenovo USB Ethernet, {EDFB1538-F0E0-4E62-A777-AE89F68F8592}" ist das Ereignis "73" aufgetreten.


Microsoft Office Sessions:
=========================
Error: (09/12/2014 11:09:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3782 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (06/27/2014 11:30:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1123 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (05/21/2014 10:22:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-05-07 11:05:12.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-07 11:05:12.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-07 10:48:58.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-07 10:48:58.387
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-06 14:05:56.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-06 14:05:56.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-05 14:52:47.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-05 14:52:47.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-04 18:15:35.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-04 18:15:35.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 42%
Total physical RAM: 8104.27 MB
Available physical RAM: 4668.95 MB
Total Pagefile: 9384.27 MB
Available Pagefile: 5394.92 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:217.68 GB) (Free:145.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.92 GB) NTFS
Drive e: (MAESE_SAFE) (Fixed) (Total:465.75 GB) (Free:31.06 GB) NTFS
Drive f: (Daten) (Fixed) (Total:216.58 GB) (Free:189.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: D9341526)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 09.10.2014, 20:00

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Avira Savings Advisor

Search Protect
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

sugus666 · 09.10.2014, 23:40

hallo Schrauber
nochmals herzlichen Dank für deinen tollen Job

- es lief alles rund und das System scheint nun wieder Ok ... soweit ich es beurteilen kann!

AVIRA habe ich deinstalliert - nun die 'Gretchen-Frage', was empfiehlst du mir als Alternative?

- Variante kostenpflichtig?
- Variante free?

Gruss
sugus666

Nachfolgend noch die 4 Files:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Marcel (administrator) on SUGUS on 10-10-2014 00:32:03
Running from F:\90 Daten Systemordner\Downloads_sys
Loaded Profile: Marcel (Available profiles: Marcel & Administrator)
Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Learnpulse) C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-28] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-28] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-09-29] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [7503792 2014-02-27] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2322944 2014-04-08] (FileZilla Project)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [Screenpresso] => C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [10983952 2014-09-22] (Learnpulse)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe (Docking Station)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.bat ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/00%20A%20Temp/001%20USB%20DOking/launch.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: Xmarks - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\foxmarks@kei.com [2014-09-17]
FF Extension: My Swisscom Assistant - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2014-05-15]
FF Extension: Tab Mix Plus - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-09-06]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Crypkey License; C:\windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-04] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-28] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-08] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-03-28] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-03-28] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-09-29] (Copyright 2013 SAMSUNG)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-28] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-28] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-07] ()
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 qzozigbn; C:\Windows\System32\Drivers\qzozigbn.sys [423240 2014-05-07] (AVAST Software)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 sidtohjv; C:\Windows\System32\Drivers\sidtohjv.sys [423240 2014-05-04] (AVAST Software)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527928 2013-08-23] (Sunplus)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-07] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 PCASp60; System32\Drivers\PCASp60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 00:16 - 2014-10-10 00:16 - 00001716 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-10-10 00:14 - 2014-10-10 00:14 - 00000000 ____D () C:\windows\ERUNT
2014-10-09 23:27 - 2014-10-10 00:12 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 23:26 - 2014-10-09 23:26 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 23:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-09 23:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-09 23:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-09 23:20 - 2014-10-09 23:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-08 17:30 - 2014-10-10 00:32 - 00000000 ____D () C:\FRST
2014-10-03 11:30 - 2014-10-03 17:10 - 00000000 ____D () C:\Program Files\Q-Dir
2014-10-03 11:19 - 2014-10-03 11:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\GHISLER
2014-10-03 11:17 - 2014-10-03 11:17 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\GHISLER
2014-10-03 09:03 - 2014-10-03 09:18 - 00000004 _____ () C:\windows\vx86036.dat
2014-10-03 09:03 - 2014-10-03 09:13 - 00000260 _____ () C:\CKINFO.TXT
2014-10-03 09:03 - 2014-10-03 09:03 - 00000000 ____D () C:\ProgramData\CrypKey
2014-10-03 09:02 - 2014-10-10 00:12 - 00035991 _____ () C:\windows\errord.log
2014-10-03 09:02 - 2014-10-10 00:12 - 00000620 _____ () C:\windows\error.log
2014-10-03 09:02 - 2014-10-03 09:18 - 00003360 _____ () C:\windows\system32\esnecil.ind
2014-10-03 09:02 - 2014-10-03 09:18 - 00000127 _____ () C:\windows\Crypkey.ini
2014-10-03 09:02 - 2014-10-03 09:18 - 00000000 ____D () C:\Program Files\Stellar Phoenix Outlook PST Repair
2014-10-03 09:02 - 2008-05-08 01:29 - 00122880 _____ (CrypKey (Canada) Ltd.) C:\windows\system32\Crypserv.exe
2014-10-03 09:02 - 2008-03-17 19:12 - 00028664 _____ () C:\windows\system32\Ckldrv.sys
2014-10-03 09:02 - 1999-06-18 22:49 - 00165888 _____ (Kenonic Controls) C:\windows\Ckconfig.exe
2014-10-03 09:02 - 1996-05-03 18:21 - 00027648 ____R () C:\windows\Setup_ck.exe
2014-10-03 09:02 - 1996-05-03 16:36 - 00018432 _____ () C:\windows\Setup_ck.dll
2014-10-03 09:02 - 1995-07-04 19:33 - 00011776 _____ () C:\windows\Ckrfresh.exe
2014-10-02 18:42 - 2014-10-02 18:42 - 00003974 _____ () C:\windows\System32\Tasks\4Team updater
2014-10-02 18:41 - 2014-10-03 16:56 - 00000000 ____D () C:\Program Files (x86)\4Team Corporation
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\4Team
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\IsolatedStorage
2014-10-02 09:40 - 2014-10-02 09:40 - 00000000 ____D () C:\Neuer Ordner
2014-10-01 09:42 - 2014-10-09 12:03 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\FileZilla
2014-09-26 15:41 - 2014-09-30 08:40 - 00000000 ____D () C:\Users\Marcel\Tracing
2014-09-26 15:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-09-26 15:39 - 2014-09-26 15:39 - 00002242 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00000196 _____ () C:\windows\DirectX.log
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-26 15:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-09-26 15:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-09-26 15:38 - 2014-09-30 08:54 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Windows Live
2014-09-25 13:13 - 2014-10-08 16:50 - 00003718 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-09-25 13:13 - 2014-09-25 13:13 - 00003476 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 17:16 - 2014-09-24 17:16 - 00000000 ____D () C:\Users\Marcel\AppData\Local\FreemakeVideoDownloader
2014-09-17 19:14 - 2014-09-17 19:14 - 00000955 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2014-09-16 09:11 - 2014-09-16 09:11 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iPod
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 08:43 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-15 08:43 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-09-15 08:43 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-15 08:43 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-09-15 08:43 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-09-15 08:43 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-09-15 08:43 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-15 08:43 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-15 08:43 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-15 08:43 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-09-15 08:43 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-09-15 08:43 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-15 08:43 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-15 08:43 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-09-15 08:43 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-15 08:43 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-15 08:43 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-09-15 08:43 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-15 08:43 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-15 08:43 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-09-15 08:43 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-09-15 08:43 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-15 08:43 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-09-15 08:43 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-15 08:43 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-15 08:43 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-09-15 08:43 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-09-15 08:43 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-09-15 08:43 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-09-15 08:43 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-09-15 08:43 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-15 08:43 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-09-15 08:43 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-09-15 08:43 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-09-15 08:43 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-09-15 08:43 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-09-15 08:43 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-09-15 08:43 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-15 08:43 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-09-15 08:43 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-09-15 08:43 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-09-15 08:43 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-09-15 08:43 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-09-15 08:43 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-15 08:43 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-09-15 08:43 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-09-15 08:43 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-09-15 08:43 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-09-15 08:43 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-15 08:43 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-15 08:43 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-09-15 08:43 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-15 08:43 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-15 08:43 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-15 08:43 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-09-15 08:43 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-09-15 08:43 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-09-15 08:43 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-15 08:43 - 2014-07-10 01:19 - 00387391 _____ () C:\windows\system32\ApnDatabase.xml
2014-09-15 08:43 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-15 08:43 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-09-15 08:43 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-09-15 08:43 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-15 08:43 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-09-15 08:43 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-09-15 08:43 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-15 08:43 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-09-15 08:43 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-15 08:43 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-15 08:43 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-15 08:43 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-15 08:43 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-15 08:43 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-09-15 08:43 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-09-15 08:43 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-09-15 08:43 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-09-15 08:43 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-09-15 08:43 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-09-15 08:43 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-09-15 08:43 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-15 08:43 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-15 08:37 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-15 08:37 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-09-15 08:37 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-15 08:37 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-15 08:37 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-15 08:37 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-09-15 08:37 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-15 08:37 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-15 08:37 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-09-15 08:37 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\tcpmon.dll
2014-09-10 16:49 - 2014-09-05 04:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-09-10 16:49 - 2014-09-05 04:31 - 00527360 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 16:49 - 2014-09-05 02:48 - 00738816 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:53 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 15:53 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 15:53 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 15:53 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 15:53 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 15:53 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 15:53 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 15:53 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 15:53 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 15:53 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:53 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 15:53 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:53 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 15:53 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 15:53 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 15:53 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 15:53 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 15:53 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 15:53 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 15:53 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 15:53 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 15:53 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:53 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 15:53 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 15:53 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 15:53 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 15:53 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 15:53 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 15:53 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 15:53 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 15:53 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 15:53 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 15:53 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 15:17 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-10 15:17 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:17 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 00:31 - 2014-04-22 16:42 - 00022390 _____ () C:\windows\Q-Dir.ini
2014-10-10 00:31 - 2014-03-28 08:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-10 00:22 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-10 00:20 - 2014-04-22 15:13 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3121602427-3534730855-1075997385-1001
2014-10-10 00:17 - 2014-03-28 09:27 - 00932212 _____ () C:\windows\system32\perfh00C.dat
2014-10-10 00:17 - 2014-03-28 09:27 - 00241950 _____ () C:\windows\system32\perfc00C.dat
2014-10-10 00:17 - 2014-03-28 09:24 - 01004934 _____ () C:\windows\system32\perfh007.dat
2014-10-10 00:17 - 2014-03-28 09:24 - 00243912 _____ () C:\windows\system32\perfc007.dat
2014-10-10 00:17 - 2013-10-07 20:27 - 00005870 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-10 00:16 - 2014-03-28 08:43 - 00005872 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-10 00:14 - 2014-04-30 12:43 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-10-10 00:13 - 2014-04-22 15:14 - 00000000 ___DO () C:\Users\Marcel\SkyDrive
2014-10-10 00:12 - 2014-05-04 19:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 00:12 - 2013-10-07 20:23 - 00150040 _____ () C:\windows\PFRO.log
2014-10-10 00:12 - 2013-08-22 16:46 - 00034421 _____ () C:\windows\setupact.log
2014-10-10 00:12 - 2013-08-22 16:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-10 00:12 - 2013-08-22 15:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-10-10 00:11 - 2014-03-28 08:55 - 00008704 _____ () C:\windows\system32\VfService.trf
2014-10-10 00:11 - 2014-03-28 08:34 - 01233058 _____ () C:\windows\WindowsUpdate.log
2014-10-10 00:09 - 2013-08-22 15:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-10 00:00 - 2014-04-22 19:56 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-10-09 23:59 - 2013-08-22 16:44 - 00499656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-09 23:58 - 2014-05-07 11:16 - 00000000 ____D () C:\AdwCleaner
2014-10-09 23:56 - 2014-04-29 09:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 23:43 - 2014-05-07 18:53 - 00000000 ____D () C:\Users\Administrator
2014-10-09 22:17 - 2014-04-22 15:38 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F5291F67-CB16-4602-A1AA-B673A0FBD3F7}
2014-10-08 16:42 - 2014-04-22 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 09:59 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-05 15:12 - 2014-04-29 10:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc
2014-10-05 13:23 - 2014-06-19 14:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\SmartDraw
2014-10-03 16:56 - 2014-04-20 09:09 - 00000000 ____D () C:\MADProg
2014-10-03 16:56 - 2014-04-20 09:08 - 00000000 ____D () C:\MADDaten
2014-10-03 11:32 - 2014-04-22 16:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Q-Dir
2014-10-02 18:40 - 2014-03-28 08:55 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-01 07:58 - 2014-08-30 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-30 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-26 15:41 - 2014-04-22 15:08 - 00000000 ____D () C:\Users\Marcel
2014-09-26 13:19 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\rescache
2014-09-26 10:26 - 2013-08-22 17:20 - 00000000 ____D () C:\windows\CbsTemp
2014-09-25 17:44 - 2014-04-22 17:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Nitro PDF
2014-09-25 13:13 - 2014-03-28 08:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-22 09:07 - 2014-04-22 16:37 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 08:42 - 2014-05-04 18:19 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-17 19:14 - 2014-09-06 07:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\RHEng
2014-09-17 19:14 - 2014-04-29 14:34 - 00000967 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-17 19:14 - 2014-04-29 14:34 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-15 14:46 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ToastData
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\WinStore
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\setup
2014-09-15 14:46 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\oobe
2014-09-10 19:49 - 2014-07-09 18:28 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 19:48 - 2014-04-28 20:40 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 19:48 - 2014-04-22 17:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:47 - 2014-04-28 20:40 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 15:53 - 2014-06-11 16:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 15:53 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 15:53 - 2014-06-11 16:44 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 15:53 - 2014-06-11 16:44 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 15:53 - 2014-04-28 20:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 15:53 - 2014-04-28 20:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 08:00 - 2014-07-08 18:39 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 08:00 - 2014-04-29 09:31 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe
C:\Users\Marcel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Marcel\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Screenpresso.exe
C:\Users\Marcel\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Marcel\AppData\Local\Temp\ms.exe
C:\Users\Marcel\AppData\Local\Temp\msvcr71.dll
C:\Users\Marcel\AppData\Local\Temp\MySwisscomAssistant_Setup.exe
C:\Users\Marcel\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Marcel\AppData\Local\Temp\optprosetup.exe
C:\Users\Marcel\AppData\Local\Temp\Q-Dir_uninstall.exe
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcel\AppData\Local\Temp\safepstbackup_1_00.exe
C:\Users\Marcel\AppData\Local\Temp\SamsungAPInstaller_1412143055024.exe
C:\Users\Marcel\AppData\Local\Temp\ScreenpressoUpd.exe
C:\Users\Marcel\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-05 13:15

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.10.2014
Suchlauf-Zeit: 23:29:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.09.11
Rootkit Datenbank: v2014.10.08.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 375280
Verstrichene Zeit: 13 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3121602427-3534730855-1075997385-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [6f406aa86418ec4ab9592970748ef20e], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-3121602427-3534730855-1075997385-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=55&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3331394&octid=EB_ORIGINAL_CTID&ISID=M4E87B030-82D2-448C-B5C0-7AFF3FA99908&SearchSource=55&CUI=&UM=6&UP=SP727B140A-29DF-4E80-8731-49567B089789&SSPV=),Löschen bei Neustart,[b5fa6da506765dd94f8e3dd17c8950b0]

Ordner: 4
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [5f501ff37ffd1b1bcc58e2f4eb172dd3], 
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Roaming\OpenCandy, In Quarantäne, [1a953fd38af253e3dee2b23303ff7090], 
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Roaming\OpenCandy\3219F105AFB5404AABFEBEF31873658A, In Quarantäne, [1a953fd38af253e3dee2b23303ff7090], 
PUP.Optional.DriverPerformer.A, C:\Users\Marcel\AppData\Local\Temp\DriverPerformer, In Quarantäne, [7e3133dfbdbfff3794635a8b2bd7c43c], 

Dateien: 26
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-3121602427-3534730855-1075997385-1001\$R5YTRZV.dll, In Quarantäne, [a609779b91ebff37499b910ecd3457a9], 
PUP.Optional.Conduit.A, C:\$Recycle.Bin\S-1-5-21-3121602427-3534730855-1075997385-1001\$RJIS5S0.exe, In Quarantäne, [882770a21b61e2540eb6088d29d8c33d], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsb3E39.exe, In Quarantäne, [357af41eb6c68aacad17f5a017eabb45], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsc1C0A.exe, In Quarantäne, [4c6339d9205cfa3cdbe9e9acc041956b], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsd3407.exe, In Quarantäne, [f0bf2ae83f3da690e0e47cc07e832fd1], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsf231B.exe, In Quarantäne, [1996d83abebe68ce279d4b4a44bde21e], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsq89F0.exe, In Quarantäne, [c9e6bc561b6192a4cff546f6758cd62a], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nss4109.exe, In Quarantäne, [07a8c54da0dceb4b675d3461ca37fd03], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsu1149.exe, In Quarantäne, [bcf3fd15215bad893d872b119d64d828], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\spstub.exe, In Quarantäne, [fcb3c151cdaff640d31ffb34a958fc04], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\verifier.exe, In Quarantäne, [3d72dc366c10ff37d511ef538878a65a], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsm25AD.exe, In Quarantäne, [00af22f0c7b55bdbf8cceaabb849728e], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsoE6A.exe, In Quarantäne, [703ffd15e19b42f43193d7656a977789], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\GCVerifier.dll, In Quarantäne, [4966e52d0676d561a440f44eb24efb05], 
PUP.Optional.Linkey.A, C:\Users\Marcel\AppData\Local\Temp\SettingsManagerSetup.exe, In Quarantäne, [e7c8f022c5b73afc949abbdf8c7532ce], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\dlLogic.exe, In Quarantäne, [604f34de91eb6fc7cb1a4cf636ca15eb], 
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.10.exe, In Quarantäne, [f0bf39d95f1d61d5c74c0120dd24a35d], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsf37F0.exe, In Quarantäne, [a60960b2adcf82b45b697bc114ede51b], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsc74C1\SpSetup.exe, In Quarantäne, [a807759d17655bdbbff7f63be61b31cf], 
PUP.Optional.SearchProtect.A, C:\Users\Marcel\AppData\Local\Temp\nsmE69\SpSetup.exe, In Quarantäne, [fdb240d26b11f73f7272148b5ea35ba5], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\nsnF37E\SpSetup.exe, In Quarantäne, [0ea146cc9ede152176409f921fe23cc4], 
PUP.Optional.Conduit.A, C:\Users\Marcel\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [cde228eac9b3072f4d77435248b95aa6], 
PUP.Optional.Linkey.A, C:\Windows\Temp\7e0b47a8\SettingsManagerSetup.exe, In Quarantäne, [cce336dc720ad363c965f4a661a0ff01], 
PUP.Optional.Trovi.A, C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\searchplugins\trovi-search.xml, In Quarantäne, [505f23ef453755e16feee44d5fa4629e], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [2e8135ddeb9142f4ce5677c5b84bd828], 
Rogue.Multiple, C:\ProgramData\374311380\BIT325E.tmp, In Quarantäne, [5f501ff37ffd1b1bcc58e2f4eb172dd3], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.311 - Report created 09/10/2014 at 23:58:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Marcel - SUGUS
# Running from : F:\90 Daten Systemordner\Downloads_sys\AdwCleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : F:\90 Daten Systemordner\Dokumente_sys\Optimizer Pro
Folder Deleted : C:\Users\Marcel\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Marcel\AppData\Roaming\Systweak
File Deleted : C:\windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Ciuvo
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ File : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\prefs.js ]

Line Deleted : user_pref("avira.safe_search.prev_newtab", "hxxps://safesearch.avira.com");
Line Deleted : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1");
Line Deleted : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);

*************************

AdwCleaner[R0].txt - [11645 octets] - [07/05/2014 11:16:15]
AdwCleaner[R1].txt - [1269 octets] - [07/05/2014 14:32:34]
AdwCleaner[R2].txt - [2764 octets] - [05/06/2014 15:35:05]
AdwCleaner[R3].txt - [1176 octets] - [05/06/2014 15:43:05]
AdwCleaner[R4].txt - [2359 octets] - [09/10/2014 23:56:07]
AdwCleaner[S0].txt - [11392 octets] - [07/05/2014 11:16:45]
AdwCleaner[S1].txt - [1162 octets] - [07/05/2014 14:33:09]
AdwCleaner[S2].txt - [2594 octets] - [05/06/2014 15:36:01]
AdwCleaner[S3].txt - [1240 octets] - [05/06/2014 15:44:04]
AdwCleaner[S4].txt - [2189 octets] - [09/10/2014 23:58:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2249 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 8.1 x64
Ran by Marcel on 10.10.2014 at  0:14:23.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\kwtr2tzx.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\kwtr2tzx.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\kwtr2tzx.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147b43cdc9526-04e38ffba20b578-42504336-0-147b43cdc9637e\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1413100979");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"b78171629a850c996937890135364b74a98a9c7f\"");
user_pref("extensions.safesearch.SAUTH_userid", "4234026729");
user_pref("extensions.safesearch.SAUTH_utoken", "\"8dc5129bff90f090a1b2c84e2554c73028ff1e59\"");
user_pref("extensions.safesearch.install", "1407478193306");
Emptied folder: C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\kwtr2tzx.default\minidumps [59 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2014 at  0:16:19.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 10.10.2014, 19:15

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

sugus666 · 12.10.2014, 09:08

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=744e2bc7acfa8b47994f704ac4a094c6
# engine=20550
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-11 06:24:32
# local_time=2014-10-11 08:24:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 132640 132731 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 159320 17435393 0 0
# scanned=683982
# found=250
# cleaned=0
# scan_time=13648
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=1022729A03AE1EE7245404144A85076AA206B99C ft=1 fh=02c6b3b58a4624e4 vn="Variante von Win32/Toolbar.Besttoolbars.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll.vir"
sh=112C392B2803837A18EAE38D2AE7554F8A299A79 ft=1 fh=60abaa6b700cc78e vn="Win64/Toolbar.Besttoolbars.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll.vir"
sh=D9AC66012AA2EB9AD9F95DAE569C563023CBAF74 ft=1 fh=f0ff556d3619374a vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost.exe.vir"
sh=69CBF3EBA00C795155FFE5787A23987DB5DE8C34 ft=1 fh=2e7ee03c6aed0bab vn="Variante von Win64/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost64.exe.vir"
sh=818FF91B61230E4C3EB0BC46F77F1CE0B4D92E3E ft=1 fh=2eabe045491068b1 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\ScriptHost.dll.vir"
sh=4FDF85D0459BEB65E652EB33DF68D2B2EA520F58 ft=1 fh=ba00c479d30efde5 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Speed Test 127\ScriptHost64.dll.vir"
sh=4F55D4BA017B76A086E01603094E9EFB0C0104E8 ft=1 fh=ac019d8a7dbf5519 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=0514F85D9D2FD6813764F9403A2DEFAEDCA92CB4 ft=1 fh=69c28d9a8b309854 vn="Variante von Win32/Toolbar.Besttoolbars.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Local\Temp\speedtest127\speedtest127.exe.vir"
sh=857C38D0BD66C0C15A0B35B410248C072F5092AB ft=1 fh=8277d04d435396de vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\D7E6E66F666C4715B022A9F802AAB2F3\SnapDo_RBCB_p5v4.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\rcmswdlm_275.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\Whitesmoke_directN_p1v1.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FF01EB86C04D4B6EB3BE97085FFDF316\sp-downloader.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marcel\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=633BC524428DEF52C6A1DFFF6593B1C6054A480B ft=1 fh=76b4636b0ec33ffb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=F98FF661F688BD6F189859C2A78DBF6FCCF82AB9 ft=1 fh=3c245da402a56afe vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF10.dll"
sh=5AC84545928A543100162747573A2FC21A0F7FE9 ft=1 fh=97a7c4f97b8a424f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF11.dll"
sh=2C3F31F96AB81F79980D43706CF1563EE6D4003F ft=1 fh=dffa755347eabdc4 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF12.dll"
sh=2F2325AF9BD15CD4FD4478FC58656D65ED57BADB ft=1 fh=a7603299d719567f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF13.dll"
sh=E2D3478615A2CE17029C1A7617756055DF28A3A4 ft=1 fh=1905ee0c2f27972c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF14.dll"
sh=526C185C213E90BC211C071DDC86386919A7E5C8 ft=1 fh=457840f59897b453 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF15.dll"
sh=7C2AAF865964FB063D9BDA5755445A78A336A83A ft=1 fh=a9705feca25dc0a2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF16.dll"
sh=6605CC36937DC9A936B672A0C648A93D64FD7388 ft=1 fh=b42e5d115161fc7d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF17.dll"
sh=6DB28F00C804D1EE45A309858A3ACF56549F8230 ft=1 fh=fb9f0a7967faf4e8 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF18.dll"
sh=36130FFE3E3E9D3986675422E60256AED977C7AD ft=1 fh=b9dec59615116f53 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF19.dll"
sh=EE37C191CC84278A6FE513A9D32CDADA25C7CC3B ft=1 fh=6cd31d0033b6bba3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF2.dll"
sh=B779F957A0B61C3F1FE8F2637E7D2865CEBE84D4 ft=1 fh=1d3a5ef665c59aa5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF20.dll"
sh=CF5E4EE03FC512AF7A7AD177EA967500D4E9BD5F ft=1 fh=7ff9df504bed4e37 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF21.dll"
sh=AAA8E83421D950082154883CADBD9BDBC892673E ft=1 fh=b5368ac0aaa9c198 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF22.dll"
sh=411B3904312945F6DC1DA2B640E83FF8AA2BB5CA ft=1 fh=0db430101a8640a3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF23.dll"
sh=45EE235AB41563199A06176ECFAC91C57381FE5E ft=1 fh=3a66d4a6c16f0f6d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF24.dll"
sh=C1A07783C043BD6AE547D431FF399E89A5D1FD52 ft=1 fh=f703fd5738c36679 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF25.dll"
sh=93F4EC00540BD4BB266528F56989C60551B1EC78 ft=1 fh=161dbc8c73c2898c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF26.dll"
sh=A845ECC82397EE95D492BA3A87AE97BC29505FD1 ft=1 fh=a4d4ffb4f65bed06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF27.dll"
sh=E7E0CD1C99DA287103F6CE9E08EE2711B5993E66 ft=1 fh=67f7062f656626ef vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF28.dll"
sh=02BDF10B123D2B329B87328A09D740F8C0214F51 ft=1 fh=d2c3f8c8a36e4e94 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF29.dll"
sh=F19E46E90C4F2B59699C930598B42D62DDEBB798 ft=1 fh=aebab918b46d0177 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF4.dll"
sh=094D50ADE95ED6A4C6F8FF4901158DA474EE166A ft=1 fh=c1a6a33dc66292d5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF5.dll"
sh=6479C7E628AB5170178C5CA73A58634643C337DF ft=1 fh=741e7d64dc3bd2b5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF6.dll"
sh=C5C13B3455F8254F3E99593CD4D7847AE72A248D ft=1 fh=243127f4590a6a06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF7.dll"
sh=5289B30273EEBE3ECB6BC5B8D9C4AC1019CC0BB6 ft=1 fh=e93a294cab38fa42 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF8.dll"
sh=7AB8092A1021279F6F5C56D57A3ABDC4186FFA4B ft=1 fh=0a8122557f3ca4eb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF9.dll"
sh=601143E8287A3F389575923628C350FA60452D45 ft=1 fh=141c647b4a117be5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\AVOTIME32_726.ex"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Rel9\avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Rel9\AVOTIME32_726.ex"
sh=E93540AA8FAEC819EFDA957EEDAD43CCDED26552 ft=1 fh=e7fc1a8e2719cf79 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Rel9\orig_avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Rel9\safes\avotime32.EXE"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="C:\MADProg\Madabawi\Rel9\safes\avotime32_Standvor23.11.10.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\4OJ0N9SJ\SPSetup[1].exe"
sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\4OJ0N9SJ\spstub[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\6PPW86U2\spstub[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\H6JQ2Q6F\SPSetup[1].exe"
sh=D1BB99407BCA7C91F7A4AD001A7D85D6705C2719 ft=1 fh=bb9b185e4d7d1709 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe"
sh=7F7581F90BD4E7CABC1E85879BE2092660E9D5CD ft=1 fh=3a90b09c9cf43697 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe"
sh=950B67665E8C9AB1571BEF1717D153D934ACE541 ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Screenpresso.exe"
sh=C1D78D4FCA3A060B7E7435C88DE2C72B326FE7E6 ft=1 fh=5b39ac7221466c9f vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\optprosetup.exe"
sh=520F0D8B3803CE096F70144A06515FD3103AC38E ft=1 fh=ee3be8126730583a vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\Marcel\AppData\Local\Temp\is1751165634\521356741_stp\OptimizerPro_600.exe"
sh=782D08A2CCB01B6C1C392B59439FE10854A7CA61 ft=1 fh=1946932e991d6526 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsh9E96.tmp\Helper.dll"
sh=E6C216FB24253BDC4B60CAF51A2DF8E5E392C75E ft=1 fh=f3d6cb12a8c9e906 vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsh9E96.tmp\Starter.exe"
sh=782D08A2CCB01B6C1C392B59439FE10854A7CA61 ft=1 fh=1946932e991d6526 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsh9E96.tmp\Helper.dll"
sh=E6C216FB24253BDC4B60CAF51A2DF8E5E392C75E ft=1 fh=f3d6cb12a8c9e906 vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsh9E96.tmp\Starter.exe"
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=6F4FD559E82ECD0E9BF238374A8AE7763D9AF88F ft=1 fh=0fe3e64a55eab364 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C2BF9E02AAF8CD61356523AF0425BD4DEEE8A0E8 ft=1 fh=aed2a53e39c1b826 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=6C0CFF21847BEBDC22C8ED1C8A24ED19724D7741 ft=1 fh=91d5fb4f6ab1ad55 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=19D4CD0E4DDB51C3B3A25676F68963807BE1710C ft=1 fh=5c3c9fe0db73a8b4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=1022729A03AE1EE7245404144A85076AA206B99C ft=1 fh=02c6b3b58a4624e4 vn="Variante von Win32/Toolbar.Besttoolbars.I evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll.vir"
sh=112C392B2803837A18EAE38D2AE7554F8A299A79 ft=1 fh=60abaa6b700cc78e vn="Win64/Toolbar.Besttoolbars.B evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll.vir"
sh=D9AC66012AA2EB9AD9F95DAE569C563023CBAF74 ft=1 fh=f0ff556d3619374a vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost.exe.vir"
sh=69CBF3EBA00C795155FFE5787A23987DB5DE8C34 ft=1 fh=2e7ee03c6aed0bab vn="Variante von Win64/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost64.exe.vir"
sh=818FF91B61230E4C3EB0BC46F77F1CE0B4D92E3E ft=1 fh=2eabe045491068b1 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\ScriptHost.dll.vir"
sh=4FDF85D0459BEB65E652EB33DF68D2B2EA520F58 ft=1 fh=ba00c479d30efde5 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Program Files (x86)\Speed Test 127\ScriptHost64.dll.vir"
sh=0514F85D9D2FD6813764F9403A2DEFAEDCA92CB4 ft=1 fh=69c28d9a8b309854 vn="Variante von Win32/Toolbar.Besttoolbars.I evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Local\Temp\speedtest127\speedtest127.exe.vir"
sh=857C38D0BD66C0C15A0B35B410248C072F5092AB ft=1 fh=8277d04d435396de vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\D7E6E66F666C4715B022A9F802AAB2F3\SnapDo_RBCB_p5v4.exe.vir"
sh=83D573440F3ADDB187AC4A0138FA186E31491576 ft=1 fh=429b3a480985a82f vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\rcmswdlm_275.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\sp-downloader.exe.vir"
sh=7C620D1FDA9B0BCB94387A0E5AFD2565B2FB5B08 ft=1 fh=0ea7a7a2438ec590 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FBF2EC64298E44D1B62FED3E9D8F3D35\Whitesmoke_directN_p1v1.exe.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\OpenCandy\FF01EB86C04D4B6EB3BE97085FFDF316\sp-downloader.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\Users\Marcel\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RI2GBBI\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=F98FF661F688BD6F189859C2A78DBF6FCCF82AB9 ft=1 fh=3c245da402a56afe vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF10.dll"
sh=5AC84545928A543100162747573A2FC21A0F7FE9 ft=1 fh=97a7c4f97b8a424f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF11.dll"
sh=2C3F31F96AB81F79980D43706CF1563EE6D4003F ft=1 fh=dffa755347eabdc4 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF12.dll"
sh=2F2325AF9BD15CD4FD4478FC58656D65ED57BADB ft=1 fh=a7603299d719567f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF13.dll"
sh=E2D3478615A2CE17029C1A7617756055DF28A3A4 ft=1 fh=1905ee0c2f27972c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF14.dll"
sh=526C185C213E90BC211C071DDC86386919A7E5C8 ft=1 fh=457840f59897b453 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF15.dll"
sh=7C2AAF865964FB063D9BDA5755445A78A336A83A ft=1 fh=a9705feca25dc0a2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF16.dll"
sh=6605CC36937DC9A936B672A0C648A93D64FD7388 ft=1 fh=b42e5d115161fc7d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF17.dll"
sh=6DB28F00C804D1EE45A309858A3ACF56549F8230 ft=1 fh=fb9f0a7967faf4e8 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF18.dll"
sh=36130FFE3E3E9D3986675422E60256AED977C7AD ft=1 fh=b9dec59615116f53 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF19.dll"
sh=EE37C191CC84278A6FE513A9D32CDADA25C7CC3B ft=1 fh=6cd31d0033b6bba3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF2.dll"
sh=B779F957A0B61C3F1FE8F2637E7D2865CEBE84D4 ft=1 fh=1d3a5ef665c59aa5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF20.dll"
sh=CF5E4EE03FC512AF7A7AD177EA967500D4E9BD5F ft=1 fh=7ff9df504bed4e37 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF21.dll"
sh=AAA8E83421D950082154883CADBD9BDBC892673E ft=1 fh=b5368ac0aaa9c198 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF22.dll"
sh=411B3904312945F6DC1DA2B640E83FF8AA2BB5CA ft=1 fh=0db430101a8640a3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF23.dll"
sh=45EE235AB41563199A06176ECFAC91C57381FE5E ft=1 fh=3a66d4a6c16f0f6d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF24.dll"
sh=C1A07783C043BD6AE547D431FF399E89A5D1FD52 ft=1 fh=f703fd5738c36679 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF25.dll"
sh=93F4EC00540BD4BB266528F56989C60551B1EC78 ft=1 fh=161dbc8c73c2898c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF26.dll"
sh=A845ECC82397EE95D492BA3A87AE97BC29505FD1 ft=1 fh=a4d4ffb4f65bed06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF27.dll"
sh=E7E0CD1C99DA287103F6CE9E08EE2711B5993E66 ft=1 fh=67f7062f656626ef vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF28.dll"
sh=02BDF10B123D2B329B87328A09D740F8C0214F51 ft=1 fh=d2c3f8c8a36e4e94 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF29.dll"
sh=F19E46E90C4F2B59699C930598B42D62DDEBB798 ft=1 fh=aebab918b46d0177 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF4.dll"
sh=094D50ADE95ED6A4C6F8FF4901158DA474EE166A ft=1 fh=c1a6a33dc66292d5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF5.dll"
sh=6479C7E628AB5170178C5CA73A58634643C337DF ft=1 fh=741e7d64dc3bd2b5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF6.dll"
sh=C5C13B3455F8254F3E99593CD4D7847AE72A248D ft=1 fh=243127f4590a6a06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF7.dll"
sh=5289B30273EEBE3ECB6BC5B8D9C4AC1019CC0BB6 ft=1 fh=e93a294cab38fa42 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF8.dll"
sh=7AB8092A1021279F6F5C56D57A3ABDC4186FFA4B ft=1 fh=0a8122557f3ca4eb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RKU3AFS\{FE30DFF5-F0E6-FC86-2C45-F540EB604757}\components\SystemKHlpFF9.dll"
sh=601143E8287A3F389575923628C350FA60452D45 ft=1 fh=141c647b4a117be5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\AVOTIME32_726.ex"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\AVOTIME32_726.ex"
sh=E93540AA8FAEC819EFDA957EEDAD43CCDED26552 ft=1 fh=e7fc1a8e2719cf79 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\orig_avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\safes\avotime32.EXE"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\safes\avotime32_Standvor23.11.10.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_8\avotime32.Tapi.exe"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_9\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\Time\AVOTIME32.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_8\avotime32.Tapi.exe"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_9\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\System\neue Version 7.25 oder so\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\System\neue Version 7.25 oder so\Time\AVOTIME32.exe"
sh=A6F63DBCF4B5F648E23381E85C27C89BF56F1DB8 ft=1 fh=627bc39b1f7abada vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\avotime32.exe"
sh=B86EF011297DFE532954AE425D5CA244D1B8D5CB ft=1 fh=8c2d85b32feb7f4d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\neues exe für Raggenbass_mit KundenNr\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\Time\AVOTIME32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\von ar 22.8.04\AVOTIME32.exe"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\Readme\prog.txt"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\Readme\prog.txt.tmp"
sh=3021509CE0A13F0DA538EE734CE8547B8273C592 ft=1 fh=0f387936d6bc3fb3 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\02 bsX GmbH\000 Administration\91 MAD Pelosi\MADProg\Madabawi\Rel8\avotime32.exe"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\02 bsX GmbH\030 Partner\101 Infocall Produkte AG\005 System, Programm, Beschreibungen\02 Beschreibungen, Handbuch\Readme\prog.txt"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\07  - Delta zu CD\AVOTIME32.exe"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\20.10.06\avotime32.exe"
sh=3AA87D49F33985FB74F542BF5BB990A8D4C04FBB ft=1 fh=1ed567147236dc4f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\avotime32.exe"
sh=00588AD456DEB073DAA084EEECC377E1B2AF574D ft=1 fh=862acd7ad51b12d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\nicht installiert-kopiert\avotime32.Tapi.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8.5\avotime32.Tapi.exe"
sh=FF73A21166008085F7730687A0E3682F53F1A5D4 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Release 8.x inkl. Office2007\avotime32.zip"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\Dezember 2010\avotime32.EXE"
sh=AEB135A42EEF43C462FC9D704A0DDC229CFC05BE ft=1 fh=7e62fb5fb48df9ae vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\avotime32.exe"
sh=D3E0FEE4F22AE283794C476AD9932CBFD37FAFAE ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\Rel 9 time_bill vista.zip"
sh=3ACD10BD0AED45A8788E9B6B25EB1029A49A8CDC ft=1 fh=1cc59a8c9c8251ed vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.OutlSeq.R9.exe"
sh=88EC14393CBB5682ED4C419DA51F691A18D27AA8 ft=1 fh=f88a4a1aea63fc96 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.R9.exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Data\90 Daten Systemordner\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup.exe"
sh=B3CCCBD19DB885F4D6E668A678D1189C6C9AACE2 ft=1 fh=958d383f8941ad98 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\Data\90 Daten Systemordner\Downloads_sys\FreeFileSync_6.9_Windows_Setup.exe"
sh=3ED2B8BD5A2F29E9D734AB0FC8071F7558C1E5B4 ft=1 fh=fe576f1933bbac06 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\Data\90 Daten Systemordner\Downloads_sys\FreemakeVideoConverterSetup.exe"
sh=9CE9B1D4CB453084076F4C1D0472E7634C942BC6 ft=1 fh=f748fc20e8dcd30b vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="E:\Data\90 Daten Systemordner\Downloads_sys\sysrc_trial_25044.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\4OJ0N9SJ\SPSetup[1].exe"
sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\4OJ0N9SJ\spstub[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\6PPW86U2\spstub[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\H6JQ2Q6F\SPSetup[1].exe"
sh=657CD0DD6279F8B2AE512BE54A42024EDD399A33 ft=1 fh=5b82da4391921bb9 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.10.exe"
sh=D1BB99407BCA7C91F7A4AD001A7D85D6705C2719 ft=1 fh=bb9b185e4d7d1709 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe"
sh=7F7581F90BD4E7CABC1E85879BE2092660E9D5CD ft=1 fh=3a90b09c9cf43697 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe"
sh=950B67665E8C9AB1571BEF1717D153D934ACE541 ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Screenpresso.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsb3E39.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsf231B.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsm25AD.exe"
sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nss4109.exe"
sh=C1D78D4FCA3A060B7E7435C88DE2C72B326FE7E6 ft=1 fh=5b39ac7221466c9f vn="Mehrere Bedrohungen" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\optprosetup.exe"
sh=9B1AC183D59239187E1E6B7C6771A5485E15D7C2 ft=1 fh=90854c2883740fc0 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\SettingsManagerSetup.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\spstub.exe"
sh=520F0D8B3803CE096F70144A06515FD3103AC38E ft=1 fh=ee3be8126730583a vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\is1751165634\521356741_stp\OptimizerPro_600.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsc74C1\SpSetup.exe"
sh=8398427DEE8FECAF5BC25B22C826FC2DC6DF9747 ft=1 fh=81c159dc949cee29 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsmE69\SpSetup.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\nsnF37E\SpSetup.exe"
sh=4F55D4BA017B76A086E01603094E9EFB0C0104E8 ft=1 fh=ac019d8a7dbf5519 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Data\C_System\Users\Marcel\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\C\Users\Marcel\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup (2014_05_02 17_20_20 UTC).exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup (2014_05_07 15_35_52 UTC).exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup (2014_08_08 13_28_41 UTC).exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup (2014_10_08 18_47_07 UTC).exe"
sh=B3CCCBD19DB885F4D6E668A678D1189C6C9AACE2 ft=1 fh=958d383f8941ad98 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\FreeFileSync_6.9_Windows_Setup (2014_09_17 17_42_09 UTC).exe"
sh=3ED2B8BD5A2F29E9D734AB0FC8071F7558C1E5B4 ft=1 fh=fe576f1933bbac06 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\FreemakeVideoConverterSetup (2014_09_06 05_51_39 UTC).exe"
sh=4DADC026B04569BC580BBB9138DAFF944CAAF92C ft=1 fh=a616740a9ab0cde5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\FreemakeVideoDownloaderSetup (2014_05_31 19_20_42 UTC).exe"
sh=4DADC026B04569BC580BBB9138DAFF944CAAF92C ft=1 fh=a616740a9ab0cde5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\FreemakeVideoDownloaderSetup(1) (2014_05_31 19_20_42 UTC).exe"
sh=5FF75E47B5E22A057D6D81D6EAEA739A88077197 ft=1 fh=01cf50edef12dca3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\inSSIDer Home letzte Freeware Version - CHIP-Installer (2014_05_24 08_11_46 UTC).exe"
sh=6E51A0BF424669DC4DD75C8E7FC770EA0074FC66 ft=1 fh=7dcb11e98a7351ec vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\Q-Dir_Installer_x64_CB-DL-Manager (2014_10_03 15_59_59 UTC).exe"
sh=071DD1E7E7CFB838DD3E41AF780458DAEF0A93DF ft=1 fh=875442ad9de4cf35 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\SoftonicDownloader_fuer_shellexview (2014_05_14 12_14_57 UTC).exe"
sh=9CE9B1D4CB453084076F4C1D0472E7634C942BC6 ft=1 fh=f748fc20e8dcd30b vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\sysrc_trial_25044 (2014_10_03 08_16_59 UTC).exe"
sh=8C514C5716EA642130E984C9DF82AA85D79078B6 ft=1 fh=759f33758147d932 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\FileHistory\Marcel\SUGUS\Data\F\90 Daten Systemordner\Downloads_sys\Vollversion Ashampoo Snap - CHIP-Installer (2014_06_11 15_00_57 UTC).exe"
sh=601143E8287A3F389575923628C350FA60452D45 ft=1 fh=141c647b4a117be5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\AVOTIME32_726.ex"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Rel9\avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Rel9\AVOTIME32_726.ex"
sh=E93540AA8FAEC819EFDA957EEDAD43CCDED26552 ft=1 fh=e7fc1a8e2719cf79 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Rel9\orig_avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Rel9\safes\avotime32.EXE"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\RECYCLER\S-1-5-21-2941558105-2386079395-355706368-1007\Dg6\Madabawi\Rel9\safes\avotime32_Standvor23.11.10.exe"
sh=DD64182CDA7D98D95CB9EE831BDB331296259D69 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Adarvo_Themen\bsx.net.rar"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Adarvo_Themen\bsx.net\101 Infocall Produkte AG\005 System, Programm, Beschreibungen\02 Beschreibungen, Handbuch\Readme\prog.txt"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\07  - Delta zu CD\AVOTIME32.exe"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\08\20.10.06\avotime32.exe"
sh=3AA87D49F33985FB74F542BF5BB990A8D4C04FBB ft=1 fh=1ed567147236dc4f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\avotime32.exe"
sh=00588AD456DEB073DAA084EEECC377E1B2AF574D ft=1 fh=862acd7ad51b12d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\nicht installiert-kopiert\avotime32.Tapi.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\08\Rel8.5\avotime32.Tapi.exe"
sh=FF73A21166008085F7730687A0E3682F53F1A5D4 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\08\Release 8.x inkl. Office2007\avotime32.zip"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\09\Rel9 - aktuell\avotime32.EXE"
sh=AEB135A42EEF43C462FC9D704A0DDC229CFC05BE ft=1 fh=7e62fb5fb48df9ae vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\09\Rel9_Vista\avotime32.exe"
sh=D3E0FEE4F22AE283794C476AD9932CBFD37FAFAE ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\09\Rel9_Vista\Rel 9 time_bill vista.zip"
sh=3ACD10BD0AED45A8788E9B6B25EB1029A49A8CDC ft=1 fh=1cc59a8c9c8251ed vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.OutlSeq.R9.exe"
sh=88EC14393CBB5682ED4C419DA51F691A18D27AA8 ft=1 fh=f88a4a1aea63fc96 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.R9.exe"
sh=601143E8287A3F389575923628C350FA60452D45 ft=1 fh=141c647b4a117be5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_P_Mad_prog\Madabawi\Avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_P_Mad_prog\Madabawi\AVOTIME32_726.ex"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_P_Mad_prog\Madabawi\Rel8\avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_P_Mad_prog\Madabawi\Rel8\AVOTIME32_726.ex"
sh=E93540AA8FAEC819EFDA957EEDAD43CCDED26552 ft=1 fh=e7fc1a8e2719cf79 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\_P_Mad_prog\Madabawi\Rel8\orig_avotime32.exe"
sh=6E51A0BF424669DC4DD75C8E7FC770EA0074FC66 ft=1 fh=7dcb11e98a7351ec vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$R7DYHIU.exe"
sh=B3CCCBD19DB885F4D6E668A678D1189C6C9AACE2 ft=1 fh=958d383f8941ad98 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$R9KC0BQ.exe"
sh=6E51A0BF424669DC4DD75C8E7FC770EA0074FC66 ft=1 fh=7dcb11e98a7351ec vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RASKOZL.exe"
sh=3ED2B8BD5A2F29E9D734AB0FC8071F7558C1E5B4 ft=1 fh=fe576f1933bbac06 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$ROBVQ2Y.exe"
sh=9CE9B1D4CB453084076F4C1D0472E7634C942BC6 ft=1 fh=f748fc20e8dcd30b vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RUY4ZRG.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_8\avotime32.Tapi.exe"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_9\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\Time\AVOTIME32.exe"
sh=A6F63DBCF4B5F648E23381E85C27C89BF56F1DB8 ft=1 fh=627bc39b1f7abada vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\avotime32.exe"
sh=B86EF011297DFE532954AE425D5CA244D1B8D5CB ft=1 fh=8c2d85b32feb7f4d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\neues exe für Raggenbass_mit KundenNr\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\Time\AVOTIME32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\von ar 22.8.04\AVOTIME32.exe"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\Readme\prog.txt"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\02 bsX GmbH\030 Partner\101 Infocall Produkte AG\005 System, Programm, Beschreibungen\02 Beschreibungen, Handbuch\Readme\prog.txt"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\07  - Delta zu CD\AVOTIME32.exe"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\08\20.10.06\avotime32.exe"
sh=3AA87D49F33985FB74F542BF5BB990A8D4C04FBB ft=1 fh=1ed567147236dc4f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\avotime32.exe"
sh=00588AD456DEB073DAA084EEECC377E1B2AF574D ft=1 fh=862acd7ad51b12d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\nicht installiert-kopiert\avotime32.Tapi.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\08\Rel8.5\avotime32.Tapi.exe"
sh=FF73A21166008085F7730687A0E3682F53F1A5D4 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\08\Release 8.x inkl. Office2007\avotime32.zip"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\Dezember 2010\avotime32.EXE"
sh=AEB135A42EEF43C462FC9D704A0DDC229CFC05BE ft=1 fh=7e62fb5fb48df9ae vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\avotime32.exe"
sh=D3E0FEE4F22AE283794C476AD9932CBFD37FAFAE ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\Rel 9 time_bill vista.zip"
sh=3ACD10BD0AED45A8788E9B6B25EB1029A49A8CDC ft=1 fh=1cc59a8c9c8251ed vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.OutlSeq.R9.exe"
sh=88EC14393CBB5682ED4C419DA51F691A18D27AA8 ft=1 fh=f88a4a1aea63fc96 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="F:\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.R9.exe"
sh=1EEF893ABFC756EE2A8612002C1BCDE01B7C84C4 ft=1 fh=083977f0e8175f22 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\90 Daten Systemordner\Desktop\Technik & Pflege\FreeFileSync_6.1_Windows_Setup.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
[b][u]````````````````````End of Log```````

sugus666 · 12.10.2014, 09:09

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Marcel (administrator) on SUGUS on 12-10-2014 10:08:15
Running from F:\90 Daten Systemordner\Downloads_sys
Loaded Profile: Marcel (Available profiles: Marcel & Administrator)
Platform: Windows 8.1 (X64) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Learnpulse) C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() F:\90 Daten Systemordner\Downloads_sys\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13656792 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-03-28] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-03-28] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59923440 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-03-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-09-29] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [7503792 2014-02-27] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2322944 2014-04-08] (FileZilla Project)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-10-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [Screenpresso] => C:\Users\Marcel\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [10983952 2014-09-22] (Learnpulse)
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
HKU\S-1-5-21-3121602427-3534730855-1075997385-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win8.exe (Docking Station)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.bat ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKCU - {72A5F580-1FA0-4C34-B0EF-61D4BC34A5E0} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/00%20A%20Temp/001%20USB%20DOking/launch.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: Xmarks - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\foxmarks@kei.com [2014-09-17]
FF Extension: My Swisscom Assistant - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2014-05-15]
FF Extension: Tab Mix Plus - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\kwtr2tzx.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-09-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-10]

Chrome: 
=======
CHR HomePage: Default -> 5FD6602D6B86A539C20686A1CB99B2A780E1A1B0780E37D75CFE014D717112F9
CHR DefaultSearchKeyword: Default -> EAFAF2E251F5C83F62CB63AD81023B5FB20496766E0889D628FF70BF605D17BF
CHR DefaultSearchProvider: Default -> CBBC6EA8E082BD16B2A69866DD930199149DEE49A5BCF3BB7FD7F2C04244576E
CHR DefaultSearchURL: Default -> F8CEC1F60F4DF2499FE13DC23D37B09D4D1C193EFF015B5343DE7CB3D72DACAA
CHR Profile: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google-Suche) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (Google Tabellen) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-10]
CHR Extension: (avast! Online Security) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Google Mail) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-10] (AVAST Software)
R2 Crypkey License; C:\windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [627712 2014-04-08] (FileZilla Project) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-04] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-03-28] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-08] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2014-03-28] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2014-03-28] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-09-29] (Copyright 2013 SAMSUNG)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [34576 2014-03-28] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-07] ()
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
S4 McOobeSv2; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-10] ()
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-07] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-11] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-11] (DisplayLink Corp.)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-19] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 qzozigbn; C:\Windows\System32\Drivers\qzozigbn.sys [423240 2014-05-07] (AVAST Software)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 sidtohjv; C:\Windows\System32\Drivers\sidtohjv.sys [423240 2014-05-04] (AVAST Software)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1527928 2013-08-23] (Sunplus)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 PCASp60; System32\Drivers\PCASp60.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 07:34 - 2014-10-10 07:34 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-10 07:34 - 2014-10-10 07:34 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\AVAST Software
2014-10-10 07:34 - 2014-10-10 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-10 07:33 - 2014-10-10 07:34 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-10 07:33 - 2014-10-10 07:33 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.1412919230218
2014-10-10 07:33 - 2014-10-10 07:33 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-10-10 07:33 - 2014-10-10 07:33 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-10-10 07:33 - 2014-10-10 07:33 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-10-10 07:33 - 2014-10-10 07:33 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-10-10 07:32 - 2014-10-10 07:32 - 00000000 ____D () C:\Program Files\AVAST Software
2014-10-10 00:16 - 2014-10-10 00:16 - 00001716 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-10-10 00:14 - 2014-10-10 00:14 - 00000000 ____D () C:\windows\ERUNT
2014-10-09 23:27 - 2014-10-12 09:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 23:26 - 2014-10-09 23:26 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 23:26 - 2014-10-09 23:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-09 23:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-09 23:26 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-09 23:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-09 23:20 - 2014-10-09 23:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-08 17:30 - 2014-10-12 10:08 - 00000000 ____D () C:\FRST
2014-10-03 11:30 - 2014-10-03 17:10 - 00000000 ____D () C:\Program Files\Q-Dir
2014-10-03 11:19 - 2014-10-03 11:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\GHISLER
2014-10-03 11:17 - 2014-10-03 11:17 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\GHISLER
2014-10-03 09:03 - 2014-10-03 09:18 - 00000004 _____ () C:\windows\vx86036.dat
2014-10-03 09:03 - 2014-10-03 09:13 - 00000260 _____ () C:\CKINFO.TXT
2014-10-03 09:03 - 2014-10-03 09:03 - 00000000 ____D () C:\ProgramData\CrypKey
2014-10-03 09:02 - 2014-10-10 00:12 - 00035991 _____ () C:\windows\errord.log
2014-10-03 09:02 - 2014-10-10 00:12 - 00000620 _____ () C:\windows\error.log
2014-10-03 09:02 - 2014-10-03 09:18 - 00003360 _____ () C:\windows\system32\esnecil.ind
2014-10-03 09:02 - 2014-10-03 09:18 - 00000127 _____ () C:\windows\Crypkey.ini
2014-10-03 09:02 - 2014-10-03 09:18 - 00000000 ____D () C:\Program Files\Stellar Phoenix Outlook PST Repair
2014-10-03 09:02 - 2008-05-08 01:29 - 00122880 _____ (CrypKey (Canada) Ltd.) C:\windows\system32\Crypserv.exe
2014-10-03 09:02 - 2008-03-17 19:12 - 00028664 _____ () C:\windows\system32\Ckldrv.sys
2014-10-03 09:02 - 1999-06-18 22:49 - 00165888 _____ (Kenonic Controls) C:\windows\Ckconfig.exe
2014-10-03 09:02 - 1996-05-03 18:21 - 00027648 ____R () C:\windows\Setup_ck.exe
2014-10-03 09:02 - 1996-05-03 16:36 - 00018432 _____ () C:\windows\Setup_ck.dll
2014-10-03 09:02 - 1995-07-04 19:33 - 00011776 _____ () C:\windows\Ckrfresh.exe
2014-10-02 18:42 - 2014-10-02 18:42 - 00003974 _____ () C:\windows\System32\Tasks\4Team updater
2014-10-02 18:41 - 2014-10-03 16:56 - 00000000 ____D () C:\Program Files (x86)\4Team Corporation
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\4Team
2014-10-02 18:41 - 2014-10-02 18:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\IsolatedStorage
2014-10-02 09:40 - 2014-10-02 09:40 - 00000000 ____D () C:\Neuer Ordner
2014-10-01 09:42 - 2014-10-09 12:03 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\FileZilla
2014-09-26 15:41 - 2014-09-30 08:40 - 00000000 ____D () C:\Users\Marcel\Tracing
2014-09-26 15:40 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-09-26 15:40 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-09-26 15:39 - 2014-09-26 15:39 - 00002242 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-09-26 15:39 - 2014-09-26 15:39 - 00000196 _____ () C:\windows\DirectX.log
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-09-26 15:39 - 2014-09-26 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-09-26 15:39 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-09-26 15:39 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-09-26 15:39 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-09-26 15:38 - 2014-09-30 08:54 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Windows Live
2014-09-25 13:13 - 2014-10-08 16:50 - 00003718 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-09-25 13:13 - 2014-09-25 13:13 - 00003476 _____ () C:\windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 17:16 - 2014-09-24 17:16 - 00000000 ____D () C:\Users\Marcel\AppData\Local\FreemakeVideoDownloader
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iTunes
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files\iPod
2014-09-16 09:11 - 2014-09-16 09:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-15 08:43 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-15 08:43 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2014-09-15 08:43 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-09-15 08:43 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-15 08:43 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-09-15 08:43 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-15 08:43 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2014-09-15 08:43 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\windows\system32\SndVol.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-09-15 08:43 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-09-15 08:43 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-15 08:43 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-15 08:43 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-15 08:43 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-09-15 08:43 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\windows\system32\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-15 08:43 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-09-15 08:43 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-09-15 08:43 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-15 08:43 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SndVol.exe
2014-09-15 08:43 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-15 08:43 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-15 08:43 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\windows\SysWOW64\mftranscode.dll
2014-09-15 08:43 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-15 08:43 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-09-15 08:43 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-15 08:43 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-15 08:43 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 01200640 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2014-09-15 08:43 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2014-09-15 08:43 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys
2014-09-15 08:43 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-15 08:43 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-15 08:43 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2014-09-15 08:43 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\iasnap.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-15 08:43 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTT102.DLL
2014-09-15 08:43 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-09-15 08:43 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-09-15 08:43 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersGPExt.dll
2014-09-15 08:43 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-15 08:43 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2014-09-15 08:43 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-15 08:43 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\windows\system32\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-15 08:43 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-15 08:43 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\iasnap.dll
2014-09-15 08:43 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2014-09-15 08:43 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\WorkFoldersShell.dll
2014-09-15 08:43 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-15 08:43 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\windows\system32\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\windows\system32\WorkfoldersControl.dll
2014-09-15 08:43 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2014-09-15 08:43 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-09-15 08:43 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-15 08:43 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ActionCenter.dll
2014-09-15 08:43 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-09-15 08:43 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2014-09-15 08:43 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2014-09-15 08:43 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wlansvcpal.dll
2014-09-15 08:43 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-15 08:43 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-09-15 08:43 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\prnntfy.dll
2014-09-15 08:43 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2014-09-15 08:43 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-15 08:43 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\wshbth.dll
2014-09-15 08:43 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2014-09-15 08:43 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintDialogs.dll
2014-09-15 08:43 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-09-15 08:43 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-09-15 08:43 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-09-15 08:43 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-09-15 08:43 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-15 08:43 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshbth.dll
2014-09-15 08:43 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\BluetoothApis.dll
2014-09-15 08:43 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-09-15 08:43 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-09-15 08:43 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-15 08:43 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-09-15 08:43 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-09-15 08:43 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-09-15 08:43 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\windows\system32\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-15 08:43 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2014-09-15 08:43 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\windows\system32\twinapi.dll
2014-09-15 08:43 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-15 08:43 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\SndVolSSO.dll
2014-09-15 08:43 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-09-15 08:43 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2014-09-15 08:43 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-15 08:43 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiapi.dll
2014-09-15 08:43 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-15 08:43 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-15 08:43 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\windows\SysWOW64\VAN.dll
2014-09-15 08:43 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-15 08:43 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\windows\system32\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2014-09-15 08:43 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-15 08:43 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-15 08:43 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsPrint.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\windows\system32\printui.dll
2014-09-15 08:43 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2014-09-15 08:43 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\windows\SysWOW64\printui.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-15 08:43 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DafPrintProvider.dll
2014-09-15 08:43 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-15 08:43 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-09-15 08:43 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-15 08:43 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-15 08:43 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\windows\system32\workfolderssvc.dll
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\SysWOW64\locale.nls
2014-09-15 08:43 - 2014-07-24 06:11 - 00513544 _____ () C:\windows\system32\locale.nls
2014-09-15 08:43 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\wisp.dll
2014-09-15 08:43 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wisp.dll
2014-09-15 08:43 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2014-09-15 08:43 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-15 08:43 - 2014-07-10 01:19 - 00387391 _____ () C:\windows\system32\ApnDatabase.xml
2014-09-15 08:43 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-15 08:43 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-09-15 08:43 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-15 08:43 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\windows\system32\AppxPackaging.dll
2014-09-15 08:43 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxPackaging.dll
2014-09-15 08:43 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-15 08:43 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2014-09-15 08:43 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\dab.dll
2014-09-15 08:43 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-15 08:43 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-09-15 08:43 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-15 08:43 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-15 08:43 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-15 08:43 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-15 08:43 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-15 08:43 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\windows\system32\aclui.dll
2014-09-15 08:43 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\windows\SysWOW64\aclui.dll
2014-09-15 08:43 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\windows\system32\wsecedit.dll
2014-09-15 08:43 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsecedit.dll
2014-09-15 08:43 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-15 08:43 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-09-15 08:43 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-09-15 08:43 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\AppxSysprep.dll
2014-09-15 08:43 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2014-09-15 08:43 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-15 08:43 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-15 08:43 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-15 08:43 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-15 08:37 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-15 08:37 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-09-15 08:37 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-15 08:37 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-15 08:37 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-15 08:37 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2014-09-15 08:37 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-15 08:37 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-15 08:37 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-15 08:37 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-09-15 08:37 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\tcpmon.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 10:02 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\sru
2014-10-12 10:01 - 2014-04-22 19:56 - 00000432 _____ () C:\windows\BRWMARK.INI
2014-10-12 09:56 - 2014-04-29 09:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 09:50 - 2014-04-22 15:38 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F5291F67-CB16-4602-A1AA-B673A0FBD3F7}
2014-10-12 09:48 - 2014-04-22 15:14 - 00000000 __RDO () C:\Users\Marcel\SkyDrive
2014-10-11 14:58 - 2014-04-22 15:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3121602427-3534730855-1075997385-1001
2014-10-11 13:08 - 2014-03-28 08:34 - 01739583 _____ () C:\windows\WindowsUpdate.log
2014-10-11 12:28 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\AppReadiness
2014-10-10 07:37 - 2014-04-22 16:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-10 07:34 - 2014-04-22 16:35 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Google
2014-10-10 01:38 - 2014-04-29 10:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc
2014-10-10 00:38 - 2014-04-22 16:42 - 00022391 _____ () C:\windows\Q-Dir.ini
2014-10-10 00:31 - 2014-05-04 19:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 00:31 - 2014-03-28 08:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-10 00:17 - 2014-03-28 09:27 - 00932212 _____ () C:\windows\system32\perfh00C.dat
2014-10-10 00:17 - 2014-03-28 09:27 - 00241950 _____ () C:\windows\system32\perfc00C.dat
2014-10-10 00:17 - 2014-03-28 09:24 - 01004934 _____ () C:\windows\system32\perfh007.dat
2014-10-10 00:17 - 2014-03-28 09:24 - 00243912 _____ () C:\windows\system32\perfc007.dat
2014-10-10 00:17 - 2013-10-07 20:27 - 00005870 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-10 00:16 - 2014-03-28 08:43 - 00005872 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-10 00:14 - 2014-04-30 12:43 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps
2014-10-10 00:12 - 2013-10-07 20:23 - 00150040 _____ () C:\windows\PFRO.log
2014-10-10 00:12 - 2013-08-22 16:46 - 00034421 _____ () C:\windows\setupact.log
2014-10-10 00:12 - 2013-08-22 16:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-10 00:12 - 2013-08-22 15:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-10-10 00:11 - 2014-03-28 08:55 - 00008704 _____ () C:\windows\system32\VfService.trf
2014-10-10 00:09 - 2013-08-22 15:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-09 23:59 - 2013-08-22 16:44 - 00499656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-09 23:58 - 2014-05-07 11:16 - 00000000 ____D () C:\AdwCleaner
2014-10-09 23:43 - 2014-05-07 18:53 - 00000000 ____D () C:\Users\Administrator
2014-10-08 16:42 - 2014-04-22 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-05 13:23 - 2014-06-19 14:39 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\SmartDraw
2014-10-03 16:56 - 2014-04-20 09:09 - 00000000 ____D () C:\MADProg
2014-10-03 16:56 - 2014-04-20 09:08 - 00000000 ____D () C:\MADDaten
2014-10-03 11:32 - 2014-04-22 16:42 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Q-Dir
2014-10-02 18:40 - 2014-03-28 08:55 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-01 09:43 - 2014-04-22 16:35 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-01 07:58 - 2014-08-30 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-30 08:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-26 15:41 - 2014-04-22 15:08 - 00000000 ____D () C:\Users\Marcel
2014-09-26 13:19 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\rescache
2014-09-26 10:26 - 2013-08-22 17:20 - 00000000 ____D () C:\windows\CbsTemp
2014-09-25 17:44 - 2014-04-22 17:41 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Nitro PDF
2014-09-25 13:13 - 2014-03-28 08:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-22 09:07 - 2014-04-22 16:37 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 08:42 - 2014-05-04 18:19 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-17 19:14 - 2014-09-06 07:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\RHEng
2014-09-17 19:14 - 2014-04-29 14:34 - 00000967 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-09-17 19:14 - 2014-04-29 14:34 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-09-15 14:46 - 2013-08-22 21:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ToastData
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\WinStore
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\setup
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2014-09-15 14:46 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\setup
2014-09-15 14:46 - 2013-08-22 15:36 - 00000000 ____D () C:\windows\system32\oobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.6.4.3.exe
C:\Users\Marcel\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.1.exe
C:\Users\Marcel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Marcel\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_Screenpresso.exe
C:\Users\Marcel\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Marcel\AppData\Local\Temp\ms.exe
C:\Users\Marcel\AppData\Local\Temp\msvcr71.dll
C:\Users\Marcel\AppData\Local\Temp\MySwisscomAssistant_Setup.exe
C:\Users\Marcel\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Marcel\AppData\Local\Temp\optprosetup.exe
C:\Users\Marcel\AppData\Local\Temp\Q-Dir_uninstall.exe
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcel\AppData\Local\Temp\safepstbackup_1_00.exe
C:\Users\Marcel\AppData\Local\Temp\SamsungAPInstaller_1412143055024.exe
C:\Users\Marcel\AppData\Local\Temp\ScreenpressoUpd.exe
C:\Users\Marcel\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-05 13:15

==================== End Of Log ============================

--- --- ---

schrauber · 12.10.2014, 22:58

Java updaten. Was hast Du nur für einen Müll auf den externen Platten?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\extensions

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

sugus666 · 13.10.2014, 07:19

was meinst du mit 'Müll' auf externen Platten...??

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Marcel at 2014-10-13 08:14:11 Run:1
Running from F:\90 Daten Systemordner\Downloads_sys
Loaded Profile: Marcel (Available profiles: Marcel & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\extensions
*****************

C:\extensions => Moved successfully.

==== End of Fixlog ====

schrauber · 13.10.2014, 16:35

Schau doch mal ins ESET LOg. 250 Funde, davon 240 oder so nur auf den externen.

sugus666 · 13.10.2014, 17:20

hallo Schrauber

Nochmals besten Dank für deine Arbeiten.

Was deine Hinweise bezüglich dem 'Schrott' betreffen kann ich nur soviel sagen: Nicht alles was im Scann hängen bleibt muss suspekt sein ... nur weil man es nicht kennt. Beim 'Überfliegen' der Files sind mir sicher 40/50 Treffer aufgefallen, welche meine Finanz-& Reporting-Applikationen...!

Gruss
sugus666

... so z.B.:

Code:

ATTFilter

sh=601143E8287A3F389575923628C350FA60452D45 ft=1 fh=141c647b4a117be5 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\AVOTIME32_726.ex"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\avotime32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\AVOTIME32_726.ex"
sh=E93540AA8FAEC819EFDA957EEDAD43CCDED26552 ft=1 fh=e7fc1a8e2719cf79 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\orig_avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\safes\avotime32.EXE"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-3121602427-3534730855-1075997385-1001\$RQ53PBH\Madabawi\Rel9\safes\avotime32_Standvor23.11.10.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_8\avotime32.Tapi.exe"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_9\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\AVOPARTNER\Hauser Friourg\System\neue Version 7.25 oder so\Time\AVOTIME32.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_8\avotime32.Tapi.exe"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\Auftraege Projekte\Juli 2011\00_Auftrag 20072011\Rel_9\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\System\neue Version 7.25 oder so\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Hauser Friourg\System\neue Version 7.25 oder so\Time\AVOTIME32.exe"
sh=A6F63DBCF4B5F648E23381E85C27C89BF56F1DB8 ft=1 fh=627bc39b1f7abada vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\avotime32.exe"
sh=B86EF011297DFE532954AE425D5CA244D1B8D5CB ft=1 fh=8c2d85b32feb7f4d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\Kunden\Raggenbass\Auftraege Projekte\060201 externe Erfassung\neues exe  Raggenbass\neues exe für Raggenbass_mit KundenNr\avotime32.exe"
sh=65A6D9BE0B51B61073C01CB6C1CECE9787886A5B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\time.zip"
sh=4620A39C78FC88AFE9A4B59C9DF39333C2226DD3 ft=1 fh=bbea886eca1048d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\Time\AVOTIME32.exe"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\7.26\von ar 22.8.04\AVOTIME32.exe"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\Readme\prog.txt"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\01 Meierhofer & Cie\01 Partner\02 ICP\EX\System\Readme\prog.txt.tmp"
sh=3021509CE0A13F0DA538EE734CE8547B8273C592 ft=1 fh=0f387936d6bc3fb3 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\02 bsX GmbH\000 Administration\91 MAD Pelosi\MADProg\Madabawi\Rel8\avotime32.exe"
sh=6C65CD7ABA825F85874E7F105AD54E43B30A476B ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\02 bsX GmbH\030 Partner\101 Infocall Produkte AG\005 System, Programm, Beschreibungen\02 Beschreibungen, Handbuch\Readme\prog.txt"
sh=A1DE82CF286B3E300B7B02F5F19A1CA80E94E98C ft=1 fh=a028633e8ac5b40d vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\07  - Delta zu CD\AVOTIME32.exe"
sh=FCC82E443011493DF75542548A3363EEA302F673 ft=1 fh=44261ff73ac16540 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\20.10.06\avotime32.exe"
sh=3AA87D49F33985FB74F542BF5BB990A8D4C04FBB ft=1 fh=1ed567147236dc4f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\avotime32.exe"
sh=00588AD456DEB073DAA084EEECC377E1B2AF574D ft=1 fh=862acd7ad51b12d4 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8  - Programmfile copy_in_ p_madabawi\nicht installiert-kopiert\avotime32.Tapi.exe"
sh=79C67C009EB9B93E2A8914A9E90FF592887D0F43 ft=1 fh=e4ddbcf87943114f vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Rel8.5\avotime32.Tapi.exe"
sh=FF73A21166008085F7730687A0E3682F53F1A5D4 ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\08\Release 8.x inkl. Office2007\avotime32.zip"
sh=69BE8AA92B40E3DA33C3FD6B825EC16CE4607B16 ft=1 fh=c102d8eb1c1ea776 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\avotime32.exe"
sh=FCFBE75F2ECAEA070404497B19EC105A7033F556 ft=1 fh=dcdc497ecf88e96b vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9 - aktuell\Dezember 2010\avotime32.EXE"
sh=AEB135A42EEF43C462FC9D704A0DDC229CFC05BE ft=1 fh=7e62fb5fb48df9ae vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\avotime32.exe"
sh=D3E0FEE4F22AE283794C476AD9932CBFD37FAFAE ft=0 fh=0000000000000000 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_Vista\Rel 9 time_bill vista.zip"
sh=3ACD10BD0AED45A8788E9B6B25EB1029A49A8CDC ft=1 fh=1cc59a8c9c8251ed vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.OutlSeq.R9.exe"
sh=88EC14393CBB5682ED4C419DA51F691A18D27AA8 ft=1 fh=f88a4a1aea63fc96 vn="möglicherweise unbekannter Virus NewHeur_PE Virus" ac=I fn="E:\Data\10 Business\40 Madaba Technik\01 Releases\09\Rel9_XP\avotime32.Word2000.Tapi.R9.exe"

13.10.2014, 16:35	#14
schrauber /// the machine /// TB-Ausbilder	Bluescren - Polizeiwarnung - Ultrabook startet nur noch bis Lenovo-Symbol Schau doch mal ins ESET LOg. 250 Funde, davon 240 oder so nur auf den externen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Bluescren - Polizeiwarnung - Ultrabook startet nur noch bis Lenovo-Symbol

Plagegeister aller Art und deren Bekämpfung: Bluescren - Polizeiwarnung - Ultrabook startet nur noch bis Lenovo-Symbol