
Pests of all kinds and how to fight them: Windows 8.1, Virus "PUP.Optional.Sanbreel.A"

22.07.2014, 19:48   #1
Otto II
 
Hello everyone,
for the past few days I have had the following problem:
My program Malwarebytes detects the following Trojans
- Pup.Optional.Sanbreel.A
- Pup.Optional.HomeTab.A
I can send the pests to quarantine, but the next day they are back again.
So my question: can you help me delete the viruses for good?
My system: Windows 8.1
I have attached the Malwarebytes result.
In the meantime I will follow the instructions and install the corresponding programs
so that I can post the contents / scan results.
Thank you in advance. Kind regards
Attached files
File type: txt Ergebnis Mailwarebytes_22-07-14.txt (1.5 KB, viewed 128 times)

22.07.2014, 19:51   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please always post logs directly in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the web page's input window)


22.07.2014, 20:54   #3
Otto II
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by chalu_000 (ATTENTION: The logged in user is not administrator) on BODOLA on 22-07-2014 21:04:27
Running from C:\Users\chalu_000\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILGE.EXE
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Farbar) C:\Users\chalu_000\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-02-22] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] => "C:\WINDOWS\is-HLGNH.exe" /REG /REGSVRMODE
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-04-29] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {e6a1c99b-fa17-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-11] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk
ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
SearchScopes: HKLM - {4F372D31-F1E2-3862-3002-058E235F0208} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0DyD0C0A0FyCtD0AtByEtN0D0Tzu0CyCyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1025090899&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: No Name -> {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\toolbar@web.de [2014-07-13]
FF Extension: DownloadHelper - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-13]
FF Extension: Adblock Plus - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-19]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-19] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372224 2014-07-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-20] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 Util webporpoise; "C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-14] (Audials AG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-24] (Windows (R) 2003 DDK 3790 provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}Gw64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}Gw64.sys [61120 2014-06-05] (StdLib)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 SBIOSIO; \??\C:\Users\Bodo\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 21:03 - 2014-07-22 21:04 - 02090496 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64(1).exe
2014-07-22 20:43 - 2014-07-22 20:43 - 00001570 _____ () C:\Users\chalu_000\Desktop\Ergebnis Mailwarebytes_22-07-14.txt
2014-07-22 19:43 - 2014-07-22 19:43 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:46 - 2014-07-22 20:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2014-07-22 20:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLGE.DLL
2014-07-20 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2014-07-20 19:34 - 2013-09-12 05:22 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLGE.DLL
2014-07-20 17:54 - 2014-07-20 17:54 - 00019574 _____ () C:\Users\chalu_000\Desktop\Addition.txt
2014-07-20 17:52 - 2014-07-22 21:04 - 00023456 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-20 17:52 - 2014-07-22 21:04 - 00000000 ____D () C:\FRST
2014-07-20 17:48 - 2014-07-20 17:48 - 02089984 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:51 - 2014-07-20 16:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:51 - 2014-07-20 16:52 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-20 18:38 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2014-07-20 14:00 - 2014-07-20 19:46 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 14:00 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2014-07-20 14:00 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:03 - 2014-07-20 13:03 - 00706560 _____ () C:\WINDOWS\is-HLGNH.exe
2014-07-20 13:03 - 2014-07-20 13:03 - 00013815 _____ () C:\WINDOWS\is-HLGNH.msg
2014-07-20 13:03 - 2014-07-20 13:03 - 00000358 _____ () C:\WINDOWS\is-HLGNH.lst
2014-07-20 13:03 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-22 20:07 - 00246760 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-21 21:26 - 00008114 _____ () C:\WINDOWS\PFRO.log
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 14:01 - 2014-07-13 14:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:24 - 2014-07-12 18:25 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-22 19:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:43 - 2014-07-22 17:31 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-13 18:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-12 17:31 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-20 19:16 - 00000000 ____D () C:\Users\chalu_000
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:30 - 2014-07-11 20:14 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 17:30 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Garmin
2014-07-12 17:30 - 2014-05-15 23:50 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-12 17:30 - 2013-11-28 22:23 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Microsoft Help
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 17:22 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-12 17:22 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-12 17:22 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-12 17:22 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-12 17:22 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-12 17:22 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-12 17:22 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-12 17:22 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-12 17:22 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-12 17:22 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-12 17:22 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-12 17:22 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-15 00:47 - 04720640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-12 17:22 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-07-12 17:22 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-07-12 17:22 - 2014-05-13 06:27 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-12 17:22 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 05:41 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-12 17:22 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-12 17:22 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-12 17:22 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-07-12 17:22 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-07-12 17:22 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-07-12 17:22 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-07-12 17:22 - 2014-05-03 05:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-07-12 17:22 - 2014-05-03 05:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-07-12 17:22 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-07-12 17:22 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-12 17:22 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-07-12 17:22 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-07-12 17:22 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-07-12 17:22 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-07-12 17:22 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-07-12 17:22 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-12 17:22 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-07-12 17:22 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-07-12 17:22 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-12 17:22 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-07-12 17:22 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-07-12 17:22 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-07-12 17:22 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 14:50 - 2014-07-12 14:51 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:49 - 2012-11-30 10:09 - 00194952 _____ () C:\Users\Bodo\Downloads\Windows8-RT-KB2789962-x64.msu
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 14:15 - 2014-07-20 18:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 13:57 - 2014-07-20 19:47 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-12 13:57 - 2014-07-20 19:47 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-12 13:57 - 2014-07-20 14:07 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-12 13:57 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-12 13:54 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Epson
2014-07-12 13:14 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 12:55 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 12:55 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 12:55 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 07:28 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-12 07:28 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 20:00 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 20:00 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 20:00 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 20:00 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 20:00 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 20:00 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 19:58 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 19:58 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 19:58 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 19:58 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 19:58 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 19:58 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 19:58 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 19:58 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 19:58 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 19:58 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 19:58 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe
2014-06-22 13:17 - 2014-06-22 13:18 - 00000000 ____D () C:\Users\Bodo\Downloads\Schützenfest

==================== One Month Modified Files and Folders =======

2014-07-22 21:04 - 2014-07-22 21:03 - 02090496 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64(1).exe
2014-07-22 21:04 - 2014-07-20 17:52 - 00023456 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-22 21:04 - 2014-07-20 17:52 - 00000000 ____D () C:\FRST
2014-07-22 21:04 - 2013-10-19 20:31 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 20:46 - 2014-07-20 19:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-22 20:46 - 2014-07-20 19:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-22 20:43 - 2014-07-22 20:43 - 00001570 _____ () C:\Users\chalu_000\Desktop\Ergebnis Mailwarebytes_22-07-14.txt
2014-07-22 20:37 - 2013-10-19 16:44 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-22 20:37 - 2012-09-10 10:37 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2014-07-22 20:18 - 2013-10-24 19:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job
2014-07-22 20:07 - 2014-07-20 13:00 - 00246760 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 19:43 - 2014-07-22 19:43 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-22 19:32 - 2013-10-19 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 19:30 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 18:18 - 2013-10-24 19:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job
2014-07-22 17:31 - 2014-07-12 17:43 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-22 17:30 - 2014-01-12 14:44 - 00000472 ____H () C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job
2014-07-22 17:30 - 2013-10-19 20:31 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 17:30 - 2013-10-19 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-21 21:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-21 21:26 - 2014-07-20 12:53 - 00008114 _____ () C:\WINDOWS\PFRO.log
2014-07-20 19:47 - 2014-07-12 13:57 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-20 19:47 - 2014-07-12 13:57 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-20 19:46 - 2014-07-20 14:00 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 19:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-20 19:29 - 2013-11-28 22:18 - 00000000 ____D () C:\Users\Bodo
2014-07-20 19:16 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000
2014-07-20 18:38 - 2014-07-20 14:07 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 18:38 - 2014-07-12 14:15 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-20 17:54 - 2014-07-20 17:54 - 00019574 _____ () C:\Users\chalu_000\Desktop\Addition.txt
2014-07-20 17:48 - 2014-07-20 17:48 - 02089984 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-20 17:31 - 2013-10-24 20:52 - 00000000 ____D () C:\AdwCleaner
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:53 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:52 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-09-10 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:44 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-20 13:44 - 2014-07-12 13:54 - 00000000 ____D () C:\ProgramData\Epson
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:04 - 2014-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-20 13:03 - 2014-07-20 13:03 - 00706560 _____ () C:\WINDOWS\is-HLGNH.exe
2014-07-20 13:03 - 2014-07-20 13:03 - 00013815 _____ () C:\WINDOWS\is-HLGNH.msg
2014-07-20 13:03 - 2014-07-20 13:03 - 00000358 _____ () C:\WINDOWS\is-HLGNH.lst
2014-07-20 13:03 - 2014-03-23 18:13 - 00001043 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-20 13:03 - 2014-03-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 18:05 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-13 14:05 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:58 - 2013-10-19 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 12:28 - 2013-09-30 06:14 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 12:28 - 2013-09-30 05:56 - 00801220 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-13 12:28 - 2013-09-30 05:56 - 00168920 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-13 08:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-13 08:05 - 2014-06-11 16:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-07-12 20:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 20:20 - 2013-10-19 21:15 - 00015757 _____ () C:\ProgramData\hpzinstall.log
2014-07-12 20:19 - 2013-10-19 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-12 20:18 - 2013-10-19 21:16 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-12 20:18 - 2013-10-19 21:15 - 00000000 ____D () C:\ProgramData\HP
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:25 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:20 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-12 17:21 - 2014-04-16 17:14 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 17:19 - 2014-06-11 16:33 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-12 17:17 - 2014-04-16 19:20 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\ClassicShell
2014-07-12 16:41 - 2014-04-16 18:28 - 00000000 __RDO () C:\Users\Bodo\OneDrive
2014-07-12 16:25 - 2012-09-10 10:44 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 15:23 - 2013-10-24 17:19 - 00001962 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-07-12 15:23 - 2012-09-10 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-12 14:51 - 2014-07-12 14:50 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 13:17 - 2013-10-21 22:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 13:14 - 2013-10-25 06:54 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 20:14 - 2014-07-12 17:30 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-07 19:48 - 2014-05-01 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 19:34 - 2014-02-19 00:10 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-07-07 19:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-07 19:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-01 00:45 - 2014-07-12 12:55 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-28 09:48 - 2014-07-12 12:55 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-12 12:55 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-27 16:41 - 2013-10-19 21:15 - 00249554 _____ () C:\WINDOWS\hpoins35.dat
2014-06-27 16:36 - 2012-07-26 07:26 - 00000127 _____ () C:\WINDOWS\win.ini
2014-06-27 16:26 - 2013-12-22 19:38 - 315085552 _____ () C:\Users\Bodo\Downloads\PS_AIO_05_C309a_Net_Full_Win_WW_140_408(1).exe
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-22 13:18 - 2014-06-22 13:17 - 00000000 ____D () C:\Users\Bodo\Downloads\Schützenfest

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
C:\Users\chalu_000\Zattoo-5.0.1.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by chalu_000 at 2014-07-20 17:54:41
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => ?
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => ? <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 05:32:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/20/2014 05:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 03:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xbbc
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 02:43:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm InstallNavi.exe, Version 8.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 528

Startzeit: 01cfa415d7e375aa

Endzeit: 9

Anwendungspfad: C:\Users\CHALU_~1\AppData\Local\Temp\WebIns\WebIns_XP-212_213_EA_V10\InstallNavi.exe

Berichts-ID: 7491c1d1-100b-11e4-bee2-c48508d5caf9

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/20/2014 02:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 02:11:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xdac
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34051360

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34051360

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2014 05:41:46 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.


System errors:
=============
Error: (07/20/2014 05:32:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/20/2014 05:20:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 05:20:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/20/2014 05:20:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (07/20/2014 05:19:03 PM) (Source: DCOM) (EventID: 10010) (User: BODOLA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/20/2014 04:28:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 04:10:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 04:09:57 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP072014-24890-01

Error: (07/20/2014 04:09:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.07.2014 um 16:01:11 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 8079.37 MB
Available physical RAM: 4475.83 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 13140.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:828.71 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS
Drive g: (BODO 1GHZ) (Removable) (Total:0.97 GB) (Free:0.52 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================[/CODE]

[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by chalu_000 at 2014-07-22 21:47:31
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => ?
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => ? <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 06:25:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODOLA)
Description: Bei der Aktivierung der App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/20/2014 05:32:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/20/2014 05:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 03:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xbbc
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 02:43:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm InstallNavi.exe, Version 8.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 528

Startzeit: 01cfa415d7e375aa

Endzeit: 9

Anwendungspfad: C:\Users\CHALU_~1\AppData\Local\Temp\WebIns\WebIns_XP-212_213_EA_V10\InstallNavi.exe

Berichts-ID: 7491c1d1-100b-11e4-bee2-c48508d5caf9

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/20/2014 02:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 02:11:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.7.0.0, Zeitstempel: 0x528d63f1
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.7.0.0, Zeitstempel: 0x528d62f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xdac
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34051360

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34051360

Error: (07/20/2014 07:54:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/22/2014 06:25:34 AM) (Source: DCOM) (EventID: 10010) (User: BODOLA)
Description: Microsoft.Reader

Error: (07/21/2014 09:27:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 07:17:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 06:38:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 06:38:20 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP072014-28015-01

Error: (07/20/2014 06:38:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎07.‎2014 um 18:12:12 unerwartet heruntergefahren.

Error: (07/20/2014 05:32:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 05:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/20/2014 05:20:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/20/2014 05:20:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 8079.37 MB
Available physical RAM: 3942.97 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 12143.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:829.06 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS
Drive f: (HiLink) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Hi Schrauber,
I hope I have set everything up correctly and that you can work with this.

Best regards,
Otto
__________________

Alt 23.07.2014, 12:05   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.




Our tools always need admin rights!


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.07.2014, 18:12   #5
Otto II
 



Hello Schrauber,
first of all, thank you for your kind support. I hope I carried everything out correctly.
The requested attachments are enclosed.
Best regards,
Otto

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by chalu_000 (ATTENTION: The logged in user is not administrator) on BODOLA on 23-07-2014 18:39:45
Running from C:\Users\chalu_000\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILGE.EXE
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-02-22] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] => "C:\WINDOWS\is-HLGNH.exe" /REG /REGSVRMODE
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-04-29] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {82282e80-f638-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {e6a1c99b-fa17-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-11] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk
ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
SearchScopes: HKLM - {4F372D31-F1E2-3862-3002-058E235F0208} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0DyD0C0A0FyCtD0AtByEtN0D0Tzu0CyCyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1025090899&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: No Name -> {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\toolbar@web.de [2014-07-13]
FF Extension: DownloadHelper - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-13]
FF Extension: Adblock Plus - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-19]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-19] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372224 2014-07-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-20] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 Util webporpoise; "C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-14] (Audials AG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-24] (Windows (R) 2003 DDK 3790 provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}Gw64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}Gw64.sys [61120 2014-06-05] (StdLib)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 SBIOSIO; \??\C:\Users\Bodo\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 18:39 - 2014-07-23 18:40 - 00023571 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\chalu_000\Desktop\FRST-OlderVersion
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 17:38 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:46 - 2014-07-23 17:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2014-07-23 17:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLGE.DLL
2014-07-20 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2014-07-20 19:34 - 2013-09-12 05:22 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLGE.DLL
2014-07-20 17:52 - 2014-07-23 18:39 - 00000000 ____D () C:\FRST
2014-07-20 17:48 - 2014-07-23 18:39 - 02091520 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:51 - 2014-07-20 16:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:51 - 2014-07-20 16:52 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-20 18:38 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2014-07-20 14:00 - 2014-07-20 19:46 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 14:00 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2014-07-20 14:00 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:03 - 2014-07-20 13:03 - 00706560 _____ () C:\WINDOWS\is-HLGNH.exe
2014-07-20 13:03 - 2014-07-20 13:03 - 00013815 _____ () C:\WINDOWS\is-HLGNH.msg
2014-07-20 13:03 - 2014-07-20 13:03 - 00000358 _____ () C:\WINDOWS\is-HLGNH.lst
2014-07-20 13:03 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-23 18:37 - 00397978 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-23 17:44 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 14:01 - 2014-07-13 14:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:24 - 2014-07-12 18:25 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-23 18:38 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:43 - 2014-07-23 18:36 - 00000000 ___RD () C:\Users\chalu_000\OneDrive
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-13 18:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-12 17:31 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-20 19:16 - 00000000 ____D () C:\Users\chalu_000
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:30 - 2014-07-11 20:14 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 17:30 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Garmin
2014-07-12 17:30 - 2014-05-15 23:50 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-12 17:30 - 2013-11-28 22:23 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Microsoft Help
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 17:22 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-12 17:22 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-12 17:22 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-12 17:22 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-12 17:22 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-12 17:22 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-12 17:22 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-12 17:22 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-12 17:22 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-12 17:22 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-12 17:22 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-12 17:22 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-15 00:47 - 04720640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-12 17:22 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-07-12 17:22 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-07-12 17:22 - 2014-05-13 06:27 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-12 17:22 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 05:41 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-12 17:22 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-12 17:22 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-12 17:22 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-07-12 17:22 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-07-12 17:22 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-07-12 17:22 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-07-12 17:22 - 2014-05-03 05:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-07-12 17:22 - 2014-05-03 05:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-07-12 17:22 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-07-12 17:22 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-12 17:22 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-07-12 17:22 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-07-12 17:22 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-07-12 17:22 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-07-12 17:22 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-07-12 17:22 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-12 17:22 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-07-12 17:22 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-07-12 17:22 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-12 17:22 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-07-12 17:22 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-07-12 17:22 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-07-12 17:22 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 14:50 - 2014-07-12 14:51 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:49 - 2012-11-30 10:09 - 00194952 _____ () C:\Users\Bodo\Downloads\Windows8-RT-KB2789962-x64.msu
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 14:15 - 2014-07-20 18:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 13:57 - 2014-07-20 19:47 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-12 13:57 - 2014-07-20 19:47 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-12 13:57 - 2014-07-20 14:07 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-12 13:57 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-12 13:54 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Epson
2014-07-12 13:14 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 12:55 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 12:55 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 12:55 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 07:28 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-12 07:28 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 20:00 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 20:00 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 20:00 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 20:00 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 20:00 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 20:00 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 19:58 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 19:58 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 19:58 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 19:58 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 19:58 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 19:58 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 19:58 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 19:58 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 19:58 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 19:58 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 19:58 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe

==================== One Month Modified Files and Folders =======

2014-07-23 18:40 - 2014-07-23 18:39 - 00023571 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-23 18:39 - 2014-07-23 18:39 - 00000000 ____D () C:\Users\chalu_000\Desktop\FRST-OlderVersion
2014-07-23 18:39 - 2014-07-20 17:52 - 00000000 ____D () C:\FRST
2014-07-23 18:39 - 2014-07-20 17:48 - 02091520 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-23 18:38 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-23 18:37 - 2014-07-20 13:00 - 00397978 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 18:37 - 2013-10-19 16:44 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 18:37 - 2012-09-10 10:37 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2014-07-23 18:36 - 2014-07-12 17:43 - 00000000 ___RD () C:\Users\chalu_000\OneDrive
2014-07-23 18:36 - 2013-10-19 20:31 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 18:35 - 2014-01-12 14:44 - 00000472 ____H () C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job
2014-07-23 18:35 - 2013-10-19 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-23 18:31 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 18:18 - 2013-10-24 19:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job
2014-07-23 18:18 - 2013-10-24 19:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job
2014-07-23 18:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-23 18:10 - 2014-07-23 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 18:04 - 2013-10-19 20:31 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 18:01 - 2013-10-24 20:52 - 00000000 ____D () C:\AdwCleaner
2014-07-23 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-23 17:46 - 2014-07-20 19:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-23 17:46 - 2014-07-20 19:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-23 17:44 - 2014-07-20 12:53 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 06:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-22 22:43 - 2013-10-19 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 21:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:47 - 2014-07-12 13:57 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-20 19:47 - 2014-07-12 13:57 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-20 19:46 - 2014-07-20 14:00 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 19:29 - 2013-11-28 22:18 - 00000000 ____D () C:\Users\Bodo
2014-07-20 19:16 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000
2014-07-20 18:38 - 2014-07-20 14:07 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 18:38 - 2014-07-12 14:15 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:53 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:52 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-09-10 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:44 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-20 13:44 - 2014-07-12 13:54 - 00000000 ____D () C:\ProgramData\Epson
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:04 - 2014-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-20 13:03 - 2014-07-20 13:03 - 00706560 _____ () C:\WINDOWS\is-HLGNH.exe
2014-07-20 13:03 - 2014-07-20 13:03 - 00013815 _____ () C:\WINDOWS\is-HLGNH.msg
2014-07-20 13:03 - 2014-07-20 13:03 - 00000358 _____ () C:\WINDOWS\is-HLGNH.lst
2014-07-20 13:03 - 2014-03-23 18:13 - 00001043 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-20 13:03 - 2014-03-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 18:05 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-13 14:05 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:58 - 2013-10-19 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 12:28 - 2013-09-30 06:14 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 12:28 - 2013-09-30 05:56 - 00801220 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-13 12:28 - 2013-09-30 05:56 - 00168920 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-13 08:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-13 08:05 - 2014-06-11 16:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-07-12 20:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 20:20 - 2013-10-19 21:15 - 00015757 _____ () C:\ProgramData\hpzinstall.log
2014-07-12 20:19 - 2013-10-19 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-12 20:18 - 2013-10-19 21:16 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-12 20:18 - 2013-10-19 21:15 - 00000000 ____D () C:\ProgramData\HP
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:25 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:20 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-12 17:21 - 2014-04-16 17:14 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 17:19 - 2014-06-11 16:33 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-12 17:17 - 2014-04-16 19:20 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\ClassicShell
2014-07-12 16:41 - 2014-04-16 18:28 - 00000000 __RDO () C:\Users\Bodo\OneDrive
2014-07-12 16:25 - 2012-09-10 10:44 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 15:23 - 2013-10-24 17:19 - 00001962 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-07-12 15:23 - 2012-09-10 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-12 14:51 - 2014-07-12 14:50 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 13:17 - 2013-10-21 22:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 13:14 - 2013-10-25 06:54 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 20:14 - 2014-07-12 17:30 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-07 19:48 - 2014-05-01 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 19:34 - 2014-02-19 00:10 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-07-07 19:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-01 00:45 - 2014-07-12 12:55 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-28 09:48 - 2014-07-12 12:55 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-12 12:55 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-27 16:41 - 2013-10-19 21:15 - 00249554 _____ () C:\WINDOWS\hpoins35.dat
2014-06-27 16:36 - 2012-07-26 07:26 - 00000127 _____ () C:\WINDOWS\win.ini
2014-06-27 16:26 - 2013-12-22 19:38 - 315085552 _____ () C:\Users\Bodo\Downloads\PS_AIO_05_C309a_Net_Full_Win_WW_140_408(1).exe
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
C:\Users\chalu_000\Zattoo-5.0.1.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2014 01
Ran by chalu_000 at 2014-07-23 18:41:20
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Custom CLSID entries: ==========================


==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => ?
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => ? <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2014 06:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17039, Zeitstempel: 0x53156588
Name des fehlerhaften Moduls: DEVRTL.dll, Version: 6.3.9600.16384, Zeitstempel: 0x5215e1cb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000013e5
ID des fehlerhaften Prozesses: 0x11f0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (07/23/2014 06:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasySettingsCmdServer.exe, Version: 0.0.0.0, Zeitstempel: 0x52e75292
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.460, Zeitstempel: 0x4db13576
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008cb95
ID des fehlerhaften Prozesses: 0x50d4
Startzeit der fehlerhaften Anwendung: 0xEasySettingsCmdServer.exe0
Pfad der fehlerhaften Anwendung: EasySettingsCmdServer.exe1
Pfad des fehlerhaften Moduls: EasySettingsCmdServer.exe2
Berichtskennung: EasySettingsCmdServer.exe3
Vollständiger Name des fehlerhaften Pakets: EasySettingsCmdServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasySettingsCmdServer.exe5


System errors:
=============
Error: (07/23/2014 06:31:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8079.37 MB
Available physical RAM: 5748.49 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 14084.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:828.64 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS
Drive f: (HiLink) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

AdwCleaner Logfile:
Code:
# AdwCleaner v3.216 - Bericht erstellt am 23/07/2014 um 17:41:16
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Administrator - BODOLA
# Gestartet von : C:\Users\chalu_000\Desktop\adwcleaner_3.216(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\System32\Tasks\Browser Updater
Datei Gelöscht : C:\WINDOWS\System32\Tasks\ProtectedSearch

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


*************************

AdwCleaner[R0].txt - [91575 octets] - [24/10/2013 20:53:38]
AdwCleaner[R10].txt - [4801 octets] - [08/06/2014 20:28:07]
AdwCleaner[R11].txt - [2220 octets] - [08/06/2014 20:36:25]
AdwCleaner[R12].txt - [6427 octets] - [07/07/2014 18:46:58]
AdwCleaner[R13].txt - [2359 octets] - [12/07/2014 18:15:27]
AdwCleaner[R15].txt - [3248 octets] - [20/07/2014 17:29:34]
AdwCleaner[R16].txt - [2709 octets] - [22/07/2014 22:35:49]
AdwCleaner[R17].txt - [2770 octets] - [22/07/2014 22:40:42]
AdwCleaner[R18].txt - [2539 octets] - [23/07/2014 17:39:08]
AdwCleaner[R1].txt - [23194 octets] - [01/05/2014 19:17:17]
AdwCleaner[R2].txt - [1618 octets] - [01/05/2014 19:33:26]
AdwCleaner[R3].txt - [1492 octets] - [02/05/2014 07:27:00]
AdwCleaner[R4].txt - [1492 octets] - [03/05/2014 18:38:15]
AdwCleaner[R5].txt - [2125 octets] - [06/05/2014 21:28:49]
AdwCleaner[R6].txt - [2202 octets] - [17/05/2014 15:25:02]
AdwCleaner[R7].txt - [2241 octets] - [17/05/2014 16:26:59]
AdwCleaner[R8].txt - [2307 octets] - [17/05/2014 16:44:42]
AdwCleaner[R9].txt - [2386 octets] - [24/05/2014 23:00:48]
AdwCleaner[S0].txt - [86378 octets] - [24/10/2013 20:57:24]
AdwCleaner[S11].txt - [3210 octets] - [20/07/2014 17:31:15]
AdwCleaner[S12].txt - [2832 octets] - [22/07/2014 22:42:40]
AdwCleaner[S13].txt - [1920 octets] - [23/07/2014 17:41:16]
AdwCleaner[S1].txt - [20323 octets] - [01/05/2014 19:19:42]
AdwCleaner[S2].txt - [1628 octets] - [01/05/2014 19:34:49]
AdwCleaner[S3].txt - [1502 octets] - [02/05/2014 07:52:17]
AdwCleaner[S4].txt - [1553 octets] - [03/05/2014 18:39:17]
AdwCleaner[S5].txt - [2447 octets] - [24/05/2014 23:02:10]
AdwCleaner[S6].txt - [4318 octets] - [08/06/2014 20:29:21]
AdwCleaner[S7].txt - [2280 octets] - [08/06/2014 20:37:23]
AdwCleaner[S8].txt - [3318 octets] - [12/07/2014 17:22:45]
AdwCleaner[S9].txt - [2419 octets] - [12/07/2014 18:16:39]

########## EOF - \AdwCleaner\AdwCleaner[S13].txt - [2522 octets] ##########
         
--- --- ---
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Administrator on 23.07.2014 at 18:44:47,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2014 at 18:54:01,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
[/CODE]


Alt 24.07.2014, 17:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please remember: admin rights!

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Alt 24.07.2014, 18:27   #7
Otto II
 



Hello Schrauber,
I downloaded Combofix to the desktop. When I run it as admin, however, the following error is displayed:
- Combofix is not run in Compatibility Mode, The Program shall now exit
So the program cannot start.
I don't know how the problem can be solved.
Hence my question and request: how can I solve the problem?
Right-clicking and choosing "Troubleshoot compatibility" did not bring a solution either.
Regards,
Otto

Alt 25.07.2014, 17:28   #8
schrauber
/// the machine
/// TB-Ausbilder
 




My mistake.

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 26.07.2014, 10:23   #9
Otto II
 



Hello Schrauber,
the log file was too long to send. I will send the log file separately.

Code:
Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 26-07-2014 at 11:06:28
Running from "C:\Users\chalu_000\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2014
Ran by chalu_000 (ATTENTION: The logged in user is not administrator) on BODOLA on 26-07-2014 10:51:54
Running from C:\Users\chalu_000\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILGE.EXE
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-04-29] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {82282e80-f638-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {e6a1c99b-fa17-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-11] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk
ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
SearchScopes: HKLM - {4F372D31-F1E2-3862-3002-058E235F0208} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0DyD0C0A0FyCtD0AtByEtN0D0Tzu0CyCyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1025090899&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: No Name -> {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\toolbar@web.de [2014-07-13]
FF Extension: DownloadHelper - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-13]
FF Extension: Adblock Plus - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-19] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372224 2014-07-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-20] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 Util webporpoise; "C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-14] (Audials AG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-24] (Windows (R) 2003 DDK 3790 provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}Gw64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}Gw64.sys [61120 2014-06-05] (StdLib)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 SBIOSIO; \??\C:\Users\Bodo\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 10:51 - 2014-07-26 10:52 - 00024289 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-26 00:13 - 2014-07-26 00:13 - 00854390 _____ () C:\Users\chalu_000\Desktop\SecurityCheck.exe
2014-07-25 21:03 - 2014-07-25 21:03 - 02347384 _____ (ESET) C:\Users\chalu_000\Desktop\esetsmartinstaller_deu.exe
2014-07-25 20:53 - 2014-07-25 20:53 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-07-25 20:53 - 2014-07-25 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-25 20:44 - 2014-07-26 00:30 - 00003237 _____ () C:\Users\chalu_000\Desktop\FSS.txt
2014-07-25 20:42 - 2014-07-25 20:42 - 00415232 _____ (Farbar) C:\Users\chalu_000\Desktop\FSS.exe
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-24 18:49 - 2014-07-24 18:50 - 05562147 _____ (Swearware) C:\Users\chalu_000\Desktop\ComboFix.exe
2014-07-24 06:16 - 2014-07-24 06:16 - 00001904 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 06:16 - 2014-07-24 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-23 22:10 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-23 22:10 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-23 22:10 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-23 19:02 - 2014-07-23 19:01 - 00000622 _____ () C:\Users\chalu_000\Desktop\JRT.txt
2014-07-23 19:01 - 2014-07-23 19:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-07-23 18:58 - 2014-07-23 18:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Synaptics
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-07-23 18:56 - 2014-07-23 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-07-23 18:10 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 17:38 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator
2014-07-23 17:38 - 2014-07-23 17:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-23 17:38 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Garmin
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:46 - 2014-07-26 10:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2014-07-26 10:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLGE.DLL
2014-07-20 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2014-07-20 19:34 - 2013-09-12 05:22 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLGE.DLL
2014-07-20 17:52 - 2014-07-26 10:51 - 00000000 ____D () C:\FRST
2014-07-20 17:48 - 2014-07-26 00:15 - 02093568 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:51 - 2014-07-20 16:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:51 - 2014-07-20 16:52 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-20 18:38 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2014-07-20 14:00 - 2014-07-20 19:46 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 14:00 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2014-07-20 14:00 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:03 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-25 18:36 - 00791117 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-23 17:44 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 14:01 - 2014-07-13 14:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:24 - 2014-07-12 18:25 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-25 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:43 - 2014-07-25 18:16 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-13 18:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-12 17:31 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-20 19:16 - 00000000 ____D () C:\Users\chalu_000
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:30 - 2014-07-11 20:14 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 17:30 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Garmin
2014-07-12 17:30 - 2014-05-15 23:50 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-12 17:30 - 2013-11-28 22:23 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Microsoft Help
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 17:22 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-12 17:22 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-12 17:22 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-12 17:22 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-12 17:22 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-12 17:22 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-12 17:22 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-12 17:22 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-12 17:22 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-12 17:22 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-12 17:22 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-12 17:22 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-07-12 17:22 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-07-12 17:22 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-12 17:22 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-12 17:22 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-07-12 17:22 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-07-12 17:22 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-07-12 17:22 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-07-12 17:22 - 2014-05-03 05:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-07-12 17:22 - 2014-05-03 05:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-07-12 17:22 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-07-12 17:22 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-12 17:22 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-07-12 17:22 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-07-12 17:22 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-07-12 17:22 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-07-12 17:22 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-07-12 17:22 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-12 17:22 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-07-12 17:22 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-07-12 17:22 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-12 17:22 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-07-12 17:22 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-07-12 17:22 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-07-12 17:22 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 14:50 - 2014-07-12 14:51 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:49 - 2012-11-30 10:09 - 00194952 _____ () C:\Users\Bodo\Downloads\Windows8-RT-KB2789962-x64.msu
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 14:15 - 2014-07-20 18:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 13:57 - 2014-07-20 19:47 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-12 13:57 - 2014-07-20 19:47 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-12 13:57 - 2014-07-20 14:07 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-12 13:57 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-12 13:54 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Epson
2014-07-12 13:14 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 12:55 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 12:55 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 12:55 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 07:28 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-12 07:28 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 20:00 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 20:00 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 20:00 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 20:00 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 20:00 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 20:00 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 19:58 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 19:58 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 19:58 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 19:58 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 19:58 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 19:58 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 19:58 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 19:58 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 19:58 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 19:58 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 19:58 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 10:52 - 2014-07-26 10:51 - 00024289 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-26 10:51 - 2014-07-20 17:52 - 00000000 ____D () C:\FRST
2014-07-26 10:46 - 2014-07-20 19:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-26 10:46 - 2014-07-20 19:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-26 10:37 - 2013-10-19 16:44 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-26 10:37 - 2012-09-10 10:37 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2014-07-26 10:18 - 2013-10-24 19:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job
2014-07-26 10:04 - 2013-10-19 20:31 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-26 09:56 - 2013-10-19 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-26 00:30 - 2014-07-25 20:44 - 00003237 _____ () C:\Users\chalu_000\Desktop\FSS.txt
2014-07-26 00:15 - 2014-07-20 17:48 - 02093568 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-26 00:13 - 2014-07-26 00:13 - 00854390 _____ () C:\Users\chalu_000\Desktop\SecurityCheck.exe
2014-07-25 21:03 - 2014-07-25 21:03 - 02347384 _____ (ESET) C:\Users\chalu_000\Desktop\esetsmartinstaller_deu.exe
2014-07-25 21:01 - 2013-09-30 06:14 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-25 21:01 - 2013-09-30 05:56 - 00801220 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-25 21:01 - 2013-09-30 05:56 - 00168920 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-25 20:53 - 2014-07-25 20:53 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-07-25 20:53 - 2014-07-25 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-25 20:42 - 2014-07-25 20:42 - 00415232 _____ (Farbar) C:\Users\chalu_000\Desktop\FSS.exe
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-25 19:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-25 19:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-25 18:36 - 2014-07-20 13:00 - 00791117 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-25 18:18 - 2013-10-24 19:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job
2014-07-25 18:16 - 2014-07-12 17:43 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-25 18:16 - 2013-10-19 20:31 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 18:15 - 2014-01-12 14:44 - 00000472 ____H () C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job
2014-07-25 17:37 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-25 06:08 - 2014-04-16 18:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 06:08 - 2014-04-16 18:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 06:08 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-24 20:53 - 2014-04-16 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:53 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-24 18:50 - 2014-07-24 18:49 - 05562147 _____ (Swearware) C:\Users\chalu_000\Desktop\ComboFix.exe
2014-07-24 18:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-24 06:16 - 2014-07-24 06:16 - 00001904 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 06:16 - 2014-07-24 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-24 06:16 - 2014-02-22 20:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-24 06:16 - 2014-02-22 20:32 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-07-24 06:16 - 2013-10-19 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-23 19:01 - 2014-07-23 19:02 - 00000622 _____ () C:\Users\chalu_000\Desktop\JRT.txt
2014-07-23 19:01 - 2014-07-23 19:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-07-23 19:00 - 2012-09-10 10:44 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-23 18:58 - 2014-07-23 18:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Synaptics
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-07-23 18:56 - 2014-07-23 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-07-23 18:10 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-23 18:10 - 2014-07-23 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 18:01 - 2013-10-24 20:52 - 00000000 ____D () C:\AdwCleaner
2014-07-23 17:44 - 2014-07-20 12:53 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 17:38 - 2014-07-23 17:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-23 06:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-22 22:43 - 2013-10-19 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:47 - 2014-07-12 13:57 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-20 19:47 - 2014-07-12 13:57 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-20 19:46 - 2014-07-20 14:00 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 19:29 - 2013-11-28 22:18 - 00000000 ____D () C:\Users\Bodo
2014-07-20 19:16 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000
2014-07-20 18:38 - 2014-07-20 14:07 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 18:38 - 2014-07-12 14:15 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:53 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:52 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-09-10 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:44 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-20 13:44 - 2014-07-12 13:54 - 00000000 ____D () C:\ProgramData\Epson
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:04 - 2014-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-20 13:03 - 2014-03-23 18:13 - 00001043 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-20 13:03 - 2014-03-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 18:05 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-13 14:05 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-13 08:05 - 2014-06-11 16:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-07-12 20:20 - 2013-10-19 21:15 - 00015757 _____ () C:\ProgramData\hpzinstall.log
2014-07-12 20:19 - 2013-10-19 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-12 20:18 - 2013-10-19 21:16 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-12 20:18 - 2013-10-19 21:15 - 00000000 ____D () C:\ProgramData\HP
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:25 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:20 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-12 17:21 - 2014-04-16 17:14 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 17:19 - 2014-06-11 16:33 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-12 17:17 - 2014-04-16 19:20 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\ClassicShell
2014-07-12 16:41 - 2014-04-16 18:28 - 00000000 __RDO () C:\Users\Bodo\OneDrive
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 15:23 - 2013-10-24 17:19 - 00001962 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-07-12 15:23 - 2012-09-10 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-12 14:51 - 2014-07-12 14:50 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 13:17 - 2013-10-21 22:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 13:14 - 2013-10-25 06:54 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 20:14 - 2014-07-12 17:30 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 06:16 - 2014-07-23 22:10 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-10 06:03 - 2014-07-23 22:10 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-10 05:33 - 2014-07-23 22:10 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-07 19:48 - 2014-05-01 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 19:34 - 2014-02-19 00:10 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-07-07 19:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-01 00:45 - 2014-07-12 12:55 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-28 09:48 - 2014-07-12 12:55 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-12 12:55 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-27 16:41 - 2013-10-19 21:15 - 00249554 _____ () C:\WINDOWS\hpoins35.dat
2014-06-27 16:36 - 2012-07-26 07:26 - 00000127 _____ () C:\WINDOWS\win.ini
2014-06-27 16:26 - 2013-12-22 19:38 - 315085552 _____ () C:\Users\Bodo\Downloads\PS_AIO_05_C309a_Net_Full_Win_WW_140_408(1).exe
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
C:\Users\chalu_000\Zattoo-5.0.1.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2014
Ran by chalu_000 at 2014-07-26 10:53:04
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

Could not list Restore Points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => ?
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => ? <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13112750

Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13112750

Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13079

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13079

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11735

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11735

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10532


System errors:
=============
Error: (07/25/2014 06:09:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/24/2014 06:24:14 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/24/2014 06:24:14 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/24/2014 06:15:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/23/2014 10:33:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/23/2014 06:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/23/2014 06:55:29 PM) (Source: DCOM) (EventID: 10010) (User: BodoLa)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/23/2014 06:55:29 PM) (Source: DCOM) (EventID: 10010) (User: BodoLa)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 8079.37 MB
Available physical RAM: 3968.59 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 12406.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:829.57 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:465.64 GB) (Free:439.92 GB) FAT32
Drive g: (BODO 1GHZ) (Removable) (Total:0.97 GB) (Free:0.52 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================

26.07.2014, 10:24   #10
Otto II

Hello Schrauber,
the log file was too long to send. I will send the log file separately.

Code:
Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 26-07-2014 at 11:06:28
Running from "C:\Users\chalu_000\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2014
Ran by chalu_000 (ATTENTION: The logged in user is not administrator) on BODOLA on 26-07-2014 10:51:54
Running from C:\Users\chalu_000\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILGE.EXE
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-04-29] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {82282e80-f638-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-885508780-3488564519-4253053766-1011\...\MountPoints2: {e6a1c99b-fa17-11e3-becf-c48508d5caf9} - "F:\AutoRun.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-11] (NVIDIA Corporation)
AppInit_DLLs: , C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk
ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
SearchScopes: HKLM - {4F372D31-F1E2-3862-3002-058E235F0208} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0DyD0C0A0FyCtD0AtByEtN0D0Tzu0CyCyDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1025090899&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: No Name -> {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\toolbar@web.de [2014-07-13]
FF Extension: DownloadHelper - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-07-13]
FF Extension: Adblock Plus - C:\Users\chalu_000\AppData\Roaming\Mozilla\Firefox\Profiles\meqldi59.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-19] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372224 2014-07-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-20] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-07-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 Util webporpoise; "C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-14] (Audials AG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-24] (Windows (R) 2003 DDK 3790 provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}Gw64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}Gw64.sys [61120 2014-06-05] (StdLib)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 SBIOSIO; \??\C:\Users\Bodo\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 10:51 - 2014-07-26 10:52 - 00024289 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-26 00:13 - 2014-07-26 00:13 - 00854390 _____ () C:\Users\chalu_000\Desktop\SecurityCheck.exe
2014-07-25 21:03 - 2014-07-25 21:03 - 02347384 _____ (ESET) C:\Users\chalu_000\Desktop\esetsmartinstaller_deu.exe
2014-07-25 20:53 - 2014-07-25 20:53 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-07-25 20:53 - 2014-07-25 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-25 20:44 - 2014-07-26 00:30 - 00003237 _____ () C:\Users\chalu_000\Desktop\FSS.txt
2014-07-25 20:42 - 2014-07-25 20:42 - 00415232 _____ (Farbar) C:\Users\chalu_000\Desktop\FSS.exe
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-24 18:49 - 2014-07-24 18:50 - 05562147 _____ (Swearware) C:\Users\chalu_000\Desktop\ComboFix.exe
2014-07-24 06:16 - 2014-07-24 06:16 - 00001904 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 06:16 - 2014-07-24 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-23 22:10 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-23 22:10 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-23 22:10 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-23 19:02 - 2014-07-23 19:01 - 00000622 _____ () C:\Users\chalu_000\Desktop\JRT.txt
2014-07-23 19:01 - 2014-07-23 19:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-07-23 18:58 - 2014-07-23 18:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Synaptics
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-07-23 18:56 - 2014-07-23 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-07-23 18:10 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 17:38 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator
2014-07-23 17:38 - 2014-07-23 17:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-23 17:38 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Garmin
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:46 - 2014-07-26 10:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2014-07-26 10:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-20 19:46 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLGE.DLL
2014-07-20 19:46 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2014-07-20 19:34 - 2013-09-12 05:22 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLGE.DLL
2014-07-20 17:52 - 2014-07-26 10:51 - 00000000 ____D () C:\FRST
2014-07-20 17:48 - 2014-07-26 00:15 - 02093568 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:51 - 2014-07-20 16:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:51 - 2014-07-20 16:52 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-20 18:38 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2014-07-20 14:01 - 2012-11-12 20:41 - 00535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2014-07-20 14:01 - 2012-11-12 15:15 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2014-07-20 14:01 - 2012-10-22 17:19 - 00219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2014-07-20 14:00 - 2014-07-20 19:46 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 14:00 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2014-07-20 14:00 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:05 - 2014-07-20 13:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:03 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-25 18:36 - 00791117 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-23 17:44 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 14:01 - 2014-07-13 14:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:24 - 2014-07-12 18:25 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-25 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:43 - 2014-07-25 18:16 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-13 18:05 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-12 17:31 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-20 19:16 - 00000000 ____D () C:\Users\chalu_000
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:30 - 2014-07-11 20:14 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 17:30 - 2014-06-12 08:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Garmin
2014-07-12 17:30 - 2014-05-15 23:50 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-12 17:30 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-12 17:30 - 2013-11-28 22:23 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Microsoft Help
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 17:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 17:22 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-12 17:22 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-12 17:22 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-12 17:22 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-12 17:22 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-12 17:22 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-12 17:22 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-12 17:22 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-12 17:22 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-12 17:22 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-12 17:22 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-12 17:22 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-12 17:22 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-12 17:22 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-12 17:22 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-12 17:22 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-07-12 17:22 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-07-12 17:22 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-07-12 17:22 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-07-12 17:22 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-12 17:22 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-12 17:22 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-07-12 17:22 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-07-12 17:22 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-07-12 17:22 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-07-12 17:22 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-07-12 17:22 - 2014-05-03 05:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-07-12 17:22 - 2014-05-03 05:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-07-12 17:22 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-07-12 17:22 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-12 17:22 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-07-12 17:22 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-07-12 17:22 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-12 17:22 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-07-12 17:22 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-07-12 17:22 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-07-12 17:22 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-07-12 17:22 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-07-12 17:22 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-07-12 17:22 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-07-12 17:22 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-12 17:22 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-07-12 17:22 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-07-12 17:22 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-12 17:22 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-07-12 17:22 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-07-12 17:22 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-07-12 17:22 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 14:50 - 2014-07-12 14:51 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:49 - 2012-11-30 10:09 - 00194952 _____ () C:\Users\Bodo\Downloads\Windows8-RT-KB2789962-x64.msu
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 14:15 - 2014-07-20 18:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 13:57 - 2014-07-20 19:47 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-12 13:57 - 2014-07-20 19:47 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-12 13:57 - 2014-07-20 14:07 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-12 13:57 - 2014-07-20 14:00 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-12 13:57 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-12 13:54 - 2014-07-20 13:44 - 00000000 ____D () C:\ProgramData\Epson
2014-07-12 13:14 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 12:55 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 12:55 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 12:55 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 07:28 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-12 07:28 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 20:00 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 20:00 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 20:00 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 20:00 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 20:00 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 20:00 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 20:00 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 20:00 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 20:00 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 20:00 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 20:00 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 20:00 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 20:00 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 20:00 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 20:00 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 20:00 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 20:00 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 20:00 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 20:00 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 20:00 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 20:00 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 20:00 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 20:00 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 20:00 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 19:58 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 19:58 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 19:58 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 19:58 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 19:58 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 19:58 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 19:58 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 19:58 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 19:58 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 19:58 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 19:58 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 19:58 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 19:58 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 19:58 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 10:52 - 2014-07-26 10:51 - 00024289 _____ () C:\Users\chalu_000\Desktop\FRST.txt
2014-07-26 10:51 - 2014-07-20 17:52 - 00000000 ____D () C:\FRST
2014-07-26 10:46 - 2014-07-20 19:46 - 00000933 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-26 10:46 - 2014-07-20 19:46 - 00000747 _____ () C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job
2014-07-26 10:37 - 2013-10-19 16:44 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-26 10:37 - 2012-09-10 10:37 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2014-07-26 10:18 - 2013-10-24 19:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job
2014-07-26 10:04 - 2013-10-19 20:31 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-26 09:56 - 2013-10-19 17:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-26 00:30 - 2014-07-25 20:44 - 00003237 _____ () C:\Users\chalu_000\Desktop\FSS.txt
2014-07-26 00:15 - 2014-07-20 17:48 - 02093568 _____ (Farbar) C:\Users\chalu_000\Desktop\FRST64.exe
2014-07-26 00:13 - 2014-07-26 00:13 - 00854390 _____ () C:\Users\chalu_000\Desktop\SecurityCheck.exe
2014-07-25 21:03 - 2014-07-25 21:03 - 02347384 _____ (ESET) C:\Users\chalu_000\Desktop\esetsmartinstaller_deu.exe
2014-07-25 21:01 - 2013-09-30 06:14 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-25 21:01 - 2013-09-30 05:56 - 00801220 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-25 21:01 - 2013-09-30 05:56 - 00168920 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-25 20:53 - 2014-07-25 20:53 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-07-25 20:53 - 2014-07-25 20:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-25 20:42 - 2014-07-25 20:42 - 00415232 _____ (Farbar) C:\Users\chalu_000\Desktop\FSS.exe
2014-07-25 20:26 - 2014-07-25 20:26 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-25 19:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-25 19:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-25 18:36 - 2014-07-20 13:00 - 00791117 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-25 18:18 - 2013-10-24 19:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job
2014-07-25 18:16 - 2014-07-12 17:43 - 00000000 ____D () C:\Users\chalu_000\OneDrive
2014-07-25 18:16 - 2013-10-19 20:31 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 18:15 - 2014-01-12 14:44 - 00000472 ____H () C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job
2014-07-25 17:37 - 2014-07-12 17:46 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ClassicShell
2014-07-25 06:08 - 2014-04-16 18:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 06:08 - 2014-04-16 18:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 06:08 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-24 20:53 - 2014-04-16 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:53 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-24 18:50 - 2014-07-24 18:49 - 05562147 _____ (Swearware) C:\Users\chalu_000\Desktop\ComboFix.exe
2014-07-24 18:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-24 06:16 - 2014-07-24 06:16 - 00001904 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-24 06:16 - 2014-07-24 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-24 06:16 - 2014-02-22 20:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-24 06:16 - 2014-02-22 20:32 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-07-24 06:16 - 2013-10-19 14:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-23 19:01 - 2014-07-23 19:02 - 00000622 _____ () C:\Users\chalu_000\Desktop\JRT.txt
2014-07-23 19:01 - 2014-07-23 19:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ClassicShell
2014-07-23 19:00 - 2012-09-10 10:44 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-23 18:58 - 2014-07-23 18:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Synaptics
2014-07-23 18:57 - 2014-07-23 18:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2014-07-23 18:56 - 2014-07-23 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-07-23 18:10 - 2014-07-23 18:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-23 18:10 - 2014-07-23 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-23 18:05 - 2014-07-23 18:05 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 18:04 - 2014-07-23 18:04 - 01016261 _____ (Thisisu) C:\Users\chalu_000\Desktop\JRT.exe
2014-07-23 18:01 - 2013-10-24 20:52 - 00000000 ____D () C:\AdwCleaner
2014-07-23 17:44 - 2014-07-20 12:53 - 00008742 _____ () C:\WINDOWS\PFRO.log
2014-07-23 17:41 - 2014-07-23 17:41 - 00002601 _____ () C:\Users\chalu_000\Desktop\AdwCleaner[S13].txt
2014-07-23 17:38 - 2014-07-23 17:38 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-23 17:38 - 2014-07-23 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-23 06:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-22 22:43 - 2013-10-19 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 18:37 - 2014-07-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 19:47 - 2014-07-12 13:57 - 00001278 _____ () C:\Users\Public\Desktop\Epson-Handbücher.lnk
2014-07-20 19:47 - 2014-07-12 13:57 - 00000123 _____ () C:\Users\Public\Desktop\Epson Connect Site.url
2014-07-20 19:46 - 2014-07-20 14:00 - 00000946 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-20 19:29 - 2013-11-28 22:18 - 00000000 ____D () C:\Users\Bodo
2014-07-20 19:16 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000
2014-07-20 18:38 - 2014-07-20 14:07 - 981652488 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-20 18:38 - 2014-07-12 14:15 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-20 17:29 - 2014-07-20 17:29 - 01354223 _____ () C:\Users\chalu_000\Desktop\adwcleaner_3.216.exe
2014-07-20 17:28 - 2014-07-20 17:28 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\IObit
2014-07-20 16:53 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 16:52 - 2014-07-20 16:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ProductData
2014-07-20 16:52 - 2014-07-20 16:51 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00001244 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-20 16:51 - 2014-07-20 16:51 - 00000290 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IObit
2014-07-20 16:51 - 2014-07-20 16:51 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:37 - 2014-07-20 16:37 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\chalu_000\Desktop\WiNIOgOn64.exe
2014-07-20 14:07 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-07-20 14:01 - 2014-07-20 14:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-07-20 14:01 - 2012-09-10 10:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-20 14:00 - 2014-07-12 13:57 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-20 13:52 - 2014-07-20 13:52 - 06486416 _____ (SEIKO EPSON CORPORATION) C:\Users\chalu_000\Desktop\epson377970eu.EXE
2014-07-20 13:44 - 2014-07-12 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-07-20 13:44 - 2014-07-12 13:54 - 00000000 ____D () C:\ProgramData\Epson
2014-07-20 13:06 - 2014-07-20 13:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 13:06 - 2014-07-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 13:06 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-20 13:05 - 2014-07-20 13:05 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 13:04 - 2014-07-20 13:04 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-07-20 13:04 - 2014-03-23 18:13 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-20 13:03 - 2014-03-23 18:13 - 00001043 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-07-20 13:03 - 2014-03-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-07-20 13:01 - 2014-07-20 13:01 - 27843432 _____ (pdfforge ) C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe
2014-07-20 13:00 - 2014-07-20 13:00 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apple
2014-07-20 12:53 - 2014-07-20 12:53 - 00377240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 12:26 - 2014-07-20 12:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\PDF24
2014-07-14 19:54 - 2014-07-14 19:54 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\HpUpdate
2014-07-13 18:05 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Packages
2014-07-13 14:05 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Deployment
2014-07-13 14:01 - 2014-07-13 14:01 - 00000346 _____ () C:\Users\chalu_000\Desktop\Zattoo Live TV.appref-ms
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Zattoo
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo Europa AG
2014-07-13 14:01 - 2014-07-13 14:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Apps\2.0
2014-07-13 13:48 - 2014-07-13 13:48 - 00488160 _____ () C:\Users\chalu_000\Zattoo-5.0.1.exe
2014-07-13 13:39 - 2014-07-13 13:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
2014-07-13 13:31 - 2014-07-13 13:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\DivX
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\ManyCam
2014-07-13 13:26 - 2014-07-13 13:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\ManyCam
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2014-07-13 08:06 - 2014-07-13 08:06 - 00000000 ____D () C:\inetpub
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-07-13 08:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-13 08:05 - 2014-06-11 16:31 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2014-07-13 08:05 - 2014-06-11 16:31 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2014-07-13 08:05 - 2014-06-11 16:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2014-07-12 20:20 - 2013-10-19 21:15 - 00015757 _____ () C:\ProgramData\hpzinstall.log
2014-07-12 20:19 - 2013-10-19 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-12 20:18 - 2013-10-19 21:16 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-12 20:18 - 2013-10-19 21:15 - 00000000 ____D () C:\ProgramData\HP
2014-07-12 20:11 - 2014-07-12 20:11 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Samsung
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\vlc
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\RapidSolution
2014-07-12 20:01 - 2014-07-12 20:01 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\CrashRpt
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Macromedia
2014-07-12 18:26 - 2014-07-12 18:26 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Macromedia
2014-07-12 18:25 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Mozilla
2014-07-12 18:24 - 2014-07-12 18:24 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\MGTEK
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieUserList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 __SHD () C:\Users\chalu_000\AppData\Local\EmieSiteList
2014-07-12 18:20 - 2014-07-12 18:20 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Adobe
2014-07-12 18:20 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Adobe
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Epson
2014-07-12 18:19 - 2014-07-12 18:19 - 00000000 _____ () C:\Users\chalu_000\Sti_Trace.log
2014-07-12 18:15 - 2014-07-12 18:15 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215(1).exe
2014-07-12 18:13 - 2014-07-12 18:13 - 00000000 ____D () C:\ProgramData\UDL
2014-07-12 18:07 - 2014-07-12 18:07 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-12 17:52 - 2014-07-12 17:52 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\Intel_Corporation
2014-07-12 17:46 - 2014-07-12 17:46 - 00000000 _____ () C:\Users\chalu_000\agent.log
2014-07-12 17:37 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel Corporation
2014-07-12 17:36 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Synaptics
2014-07-12 17:35 - 2014-07-12 17:35 - 00002374 _____ () C:\Users\chalu_000\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00001450 _____ () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-12 17:31 - 2014-07-12 17:31 - 00000000 ____D () C:\Users\chalu_000\AppData\Local\VirtualStore
2014-07-12 17:30 - 2014-07-12 17:30 - 00000020 ___SH () C:\Users\chalu_000\ntuser.ini
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Vorlagen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Startmenü
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Netzwerkumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Lokale Einstellungen
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Eigene Dateien
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Druckumgebung
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Verlauf
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\AppData\Local\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 _SHDL () C:\Users\chalu_000\Anwendungsdaten
2014-07-12 17:30 - 2014-07-12 17:30 - 00000000 ____D () C:\Users\chalu_000\AppData\Roaming\Intel
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-07-12 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-12 17:21 - 2014-04-16 17:14 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-07-12 17:19 - 2014-07-12 17:19 - 01348263 _____ () C:\Users\Bodo\Downloads\adwcleaner_3.215.exe
2014-07-12 17:19 - 2014-06-11 16:33 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-12 17:17 - 2014-04-16 19:20 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\ClassicShell
2014-07-12 16:41 - 2014-04-16 18:28 - 00000000 __RDO () C:\Users\Bodo\OneDrive
2014-07-12 15:46 - 2014-07-12 15:46 - 03570024 _____ () C:\Users\Bodo\Downloads\EpsonConnect1_2_0.exe
2014-07-12 15:23 - 2013-10-24 17:19 - 00001962 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-07-12 15:23 - 2012-09-10 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-12 14:51 - 2014-07-12 14:50 - 00000000 ____D () C:\Users\Bodo\Downloads\hotfix
2014-07-12 14:48 - 2014-07-12 14:48 - 00319792 _____ () C:\Users\Bodo\Downloads\456121_intl_x64_zip.exe
2014-07-12 13:17 - 2013-10-21 22:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 13:14 - 2013-10-25 06:54 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 13:12 - 2014-07-12 13:12 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 20:14 - 2014-07-12 17:30 - 00000000 ___RD () C:\Users\chalu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 20:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 17:29 - 2014-07-11 17:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 06:16 - 2014-07-23 22:10 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-10 06:03 - 2014-07-23 22:10 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-10 05:33 - 2014-07-23 22:10 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-07 19:48 - 2014-05-01 19:54 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 19:34 - 2014-02-19 00:10 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-07-07 19:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-01 00:45 - 2014-07-12 12:55 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-29 17:40 - 2014-06-29 17:40 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Zattoo
2014-06-28 09:48 - 2014-07-12 12:55 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-12 12:55 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-27 16:41 - 2013-10-19 21:15 - 00249554 _____ () C:\WINDOWS\hpoins35.dat
2014-06-27 16:36 - 2012-07-26 07:26 - 00000127 _____ () C:\WINDOWS\win.ini
2014-06-27 16:26 - 2013-12-22 19:38 - 315085552 _____ () C:\Users\Bodo\Downloads\PS_AIO_05_C309a_Net_Full_Win_WW_140_408(1).exe
2014-06-27 16:13 - 2014-06-27 16:13 - 01063312 _____ () C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-12 07:28 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\chalu_000\Zattoo - CHIP-Installer.exe
C:\Users\chalu_000\Zattoo-5.0.1.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- --- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2014 Ran by chalu_000 at 2014-07-26 10:53:04 Running from C:\Users\chalu_000\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) 
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => ?
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => ? <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => ?

==================== Loaded Modules (whitelisted) =============

2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13112750

Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13112750

Error: (07/26/2014 07:35:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13079

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13079

Error: (07/26/2014 03:57:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11735

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11735

Error: (07/26/2014 03:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 03:57:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10532

System errors:
=============
Error: (07/25/2014 06:09:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/24/2014 06:24:14 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/24/2014 06:24:14 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/24/2014 06:15:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/23/2014 10:33:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/23/2014 06:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (07/23/2014 06:55:29 PM) (Source: DCOM) (EventID: 10010) (User: BodoLa)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/23/2014 06:55:29 PM) (Source: DCOM) (EventID: 10010) (User: BodoLa)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 8079.37 MB
Available physical RAM: 3968.59 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 12406.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:829.57 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:465.64 GB) (Free:439.92 GB) FAT32
Drive g: (BODO 1GHZ) (Removable) (Total:0.97 GB) (Free:0.52 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================

26.07.2014, 10:25   #11
Otto II

Hello Schrauber,
attached is part two of the log file
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3837c7733763044b8e6083a992bf0262
# engine=19355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-26 07:36:47
# local_time=2014-07-26 09:36:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6169572 31241500 0 0
# scanned=292643
# found=276
# cleaned=0
# scan_time=32431
sh=BE40C0251D66829CF63FD4341CACA785CAF5CD73 ft=1 fh=afd5085e605741b5 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbarioDE_1\hk64tbappb.dll.vir"
sh=0F7B6B96202643D88E6428C62CA0BADC6D38D140 ft=1 fh=3507b93dfe419462 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbarioDE_1\hktbappb.dll.vir"
sh=547EF42FB35708E8C39FE6D04DBF3DEDD91E73DB ft=1 fh=99fdcb8395eefb1c vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbarioDE_1\ldrtbappb.dll.vir"
sh=31819C285AD68587D8DABEC74FD7F447FF439CA5 ft=1 fh=20c4afc2b350ab06 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbarioDE_1\prxtbappb.dll.vir"
sh=6C02BC376864DF0440DE70DED3A65938D6295795 ft=1 fh=965e2f365cb21a83 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbarioDE_1\tbappb.dll.vir"
sh=738A06CFA5916F0E65BE9B34269464112F13F64D ft=1 fh=02170ed71572fbfe vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3297265\plugins\TBVerifier.dll.vir"
sh=C0C362DC9304C406094429EFB14D721D2EF048AF ft=1 fh=4f6a0f1869746e8c vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3312329\plugins\TBVerifier.dll.vir"
sh=5F1274BB228892131502528652B6D1A10CBE90F5 ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir"
sh=AC5FF20D276340CF87044B6A9D603BE9B6520460 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir"
sh=7A52DF513B30DF6005AD32C6C73ABAE1A24E85C1 ft=1 fh=c560ba7721d0f626 vn="Variante von Win32/ELEX.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\deskplusdl.exe.vir"
sh=0AE8817153C6AEE1A34D3129768A2113D8EE6E7E ft=1 fh=b792b04101ccd434 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\deskSvc.exe.vir"
sh=4C2440593148C5029D110F5A345A64E02C79CB86 ft=1 fh=c9a9ea926dcb51e2 vn="Variante von Win32/ELEX.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\WinZipperdl.exe.vir"
sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\hk64tbDivX.dll.vir"
sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\hktbDivX.dll.vir"
sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\ldrtbDivX.dll.vir"
sh=1CAAAB0EDE5FDF753F0DFBA5B395A2840CD0A76C ft=1 fh=ed0fde6c6c7e3f9e vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\prxtbDivX.dll.vir"
sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DivX_Browser_Bar_DE\tbDivX.dll.vir"
sh=BBF909152FBDB37D06C72D6742376D47D4B013F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\44158.crx.vir"
sh=A736252B5BE454E5D0DD7369AA8EBCBA92BE019D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\44158.xpi.vir"
sh=31C721AA6F816E0F6239F5D0BC96CD670129BE1E ft=1 fh=c71c0011413e1501 vn="Win32/Toolbar.CrossRider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil.dll.vir"
sh=C3E3C376DC98277202D7C7D9EE0FE78327315F91 ft=1 fh=c71c0011011d0150 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil64.dll.vir"
sh=39EB2CD807362FF0040243850DFD7D07A76E2B92 ft=1 fh=dd0853a7e653dfda vn="Win32/Toolbar.CrossRider.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-helper.exe.vir"
sh=7F787B8EF7BD3CDBC3C99B6D889D806044602E2F ft=1 fh=9891a2776f98d184 vn="möglicherweise Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil.dll.vir"
sh=882B92FCB66CD8B330DA270B855CE8E48DFD52A1 ft=1 fh=19be6987e35107f3 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-buttonutil64.dll.vir"
sh=6DDB0DFCBA9DECF89A8925A503795B06530E81CC ft=1 fh=29286da3c2008607 vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe.vir"
sh=1D0446D6A97276430B525B852644F2D97758DBD5 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaltarSmart\chdboodilddefglllfoimeceomkpmkbi.crx.vir"
sh=6DBC1E68E2849A5373465216AD1BCC8928A4CB61 ft=1 fh=7adbaf5a0a569b14 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaltarSmart\SaltarSmartUninstall.exe.vir"
sh=00D969AFD707C6DA836BE55385FF15E1E92B21C3 ft=1 fh=f04c1cb62c8c998f vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaltarSmart\bin\plugins\SaltarSmart.GCUpdate.dll.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir"
sh=7642981A780B6FC87A9F606A0362A06FFD210323 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\44162.crx.vir"
sh=F8140CB76E5867F29014EDF1A1D55776404375A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\44162.xpi.vir"
sh=04197798927D00964F4067C57C207D793134C76D ft=1 fh=3a4703d38f6d53eb vn="Win32/Toolbar.CrossRider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-bg.exe.vir"
sh=94887EC756C90A1DC30EA2F8AFE1047E87B2AA55 ft=1 fh=df4f98114232a833 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-bho64.dll.vir"
sh=127DC67980E7B5C3409D90C02EB3BB361D4CDDD5 ft=1 fh=c71c0011413e1501 vn="Win32/Toolbar.CrossRider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-buttonutil.dll.vir"
sh=BD0CC2C47EF094358001E7E6834503D82F50E727 ft=1 fh=3d74ec2944c4b549 vn="Win32/Toolbar.CrossRider.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-buttonutil.exe.vir"
sh=E343893DF68D3F233553CB9F7263B74F0BD1C384 ft=1 fh=c71c0011011d0150 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-buttonutil64.dll.vir"
sh=DBB0A0DA3FC0B3699E4C99DA0BA73AB1740F0E14 ft=1 fh=3d74ec292e46fdca vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-buttonutil64.exe.vir"
sh=A275B9513381C67912C66534D2058D2BEF45C8BC ft=1 fh=6136fe9c1fde959f vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-codedownloader.exe.vir"
sh=DB146732E6FE59D078300F794FB6D837CF7FFCF4 ft=1 fh=660ed7543dad86be vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-enabler.exe.vir"
sh=AAEFB6C51E8CBF67105BE1B9DE1B918B6F519BF9 ft=1 fh=dd0853a7e653dfda vn="Win32/Toolbar.CrossRider.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-helper.exe.vir"
sh=4AFB5143CF990C0F50E6F782F17A7D3A1D7E0131 ft=1 fh=7bf0ce3f2d90683e vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-16\SuperLyrics-16-updater.exe.vir"
sh=63E1A02BBE577FE8D8C9460A9DB8DD5616EDCE68 ft=1 fh=4f9d283d7bc74912 vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.6_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\LocalLow\appbarioDE_1\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\LocalLow\DivX_Browser_Bar_DE\hk64tbDivX.dll.vir"
sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\LocalLow\DivX_Browser_Bar_DE\hktbDivX.dll.vir"
sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\LocalLow\DivX_Browser_Bar_DE\ldrtbDivX.dll.vir"
sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\LocalLow\DivX_Browser_Bar_DE\tbDivX.dll.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\0F1F1C2Y1H1P1C0I0T\Adblock Plus Packages\uninstaller.exe.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=B55D50D764A685BB861DF36AF5EA8F4C5396FEE1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=DB20E734B5C972AB6EBB25CE301370607FE6AF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=7FA1F70DC4D115E8332782563357A35C5E6445A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\92_superfish_m.js.vir"
sh=D628ECC839BB1AC5640113BF5884D0B708A56984 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=78EF5981C3519DFCC18D1E4513235A5FD9834677 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\addon@dealplyshopping.com\chrome\content\dealplyshopping.xul.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=B55D50D764A685BB861DF36AF5EA8F4C5396FEE1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=DB20E734B5C972AB6EBB25CE301370607FE6AF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=7FA1F70DC4D115E8332782563357A35C5E6445A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\92_superfish_m.js.vir"
sh=5CFBC7AED79FF8B602282A33D42FC9102DA53294 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=CFD9A58BFAEB023C1D0511DB17326BA6F1A584D7 ft=1 fh=9d3b7446a48a973a vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\{66b103a7-d772-4fcd-ace4-16f79a9056e0}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=A6B0985ABC1E2C02B26045E46506CAAC737DA137 ft=1 fh=121662fb9c8fa164 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\1118r15d.default\Extensions\{6dad39c6-f4ac-4984-8e9b-f666269b9eb1}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir"
sh=F15AFE814D3BA2594E2BE8170BFB5550F357C459 ft=1 fh=0c867f665f22562c vn="Win32/VOPackage.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=009AE3F4BA4A1ABAAD89E27E445FAC3F7A252AB1 ft=1 fh=85a62be12fc374bc vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=9E508F027C59B7EA78B1CAE4BF85538DC7EE041A ft=1 fh=cc6c97433451e212 vn="Variante von Win32/VOPackage.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Bodo\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=737D351C09E3D7A06BEB8D3BBE720749A8B7F4C0 ft=1 fh=abbd31e3078fdcf3 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\AppData\Local\nseB1B9.tmp"
sh=3F57F10CCB34740ACC63775DAF17ACE584B751B6 ft=1 fh=4a025439b30cc9b9 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\AppData\Local\nskDA54.tmp"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\hkoahcaobjbihehldfimhblmhgalcipm\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe"
sh=B1C5D9DC9A6493C66CD50B3767157CCFC4B4985E ft=1 fh=da713123607f778d vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\hkoahcaobjbihehldfimhblmhgalcipm\10.23.0.722_0\TBHostSupport\TBHostSupport.dll"
sh=D4D640E4A04D91DEF41DAD844D1EC046FA1D5F3E ft=1 fh=f32a1de57c3d142e vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\hkoahcaobjbihehldfimhblmhgalcipm\10.24.3.503_0\nativeMessaging\TBMessagingHost.exe"
sh=03CE8E6F06759DE22B493200724F503F7EC180AD ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\COMPUTER_BILD-Download-Manager_fuer_ManyCamSetup.exe"
sh=05CB84D2B8465F3E5F96C828DC0C172BC4565F77 ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-2.0.1.1004.exe"
sh=27CAE1819DC883DDF88CA43C2BAC2ADCB73FED2A ft=1 fh=b6907812d3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\HP-Photosmart-Premium-Fax-C309a-Treiber-lnstall.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\PDFCreator-1_7_1_setup.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\PDFCreator-1_7_2_setup.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\PDFCreator-1_7_3_setup.exe"
sh=6F860D058BD05EFD60D9EEB77B37143DF5B1B376 ft=1 fh=ba9ce29a190beae7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\Schoener Fernsehen - CHIP-Installer(1).exe"
sh=73569D09A6D50AB01156B7AF973B046A8533C5AA ft=1 fh=8e3cfbe7ff4d5806 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\Schoener Fernsehen - CHIP-Installer.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Bodo\Downloads\wzmp_8.exe"
sh=D762CAACD61C62EAF97E826E7097DC1216E250D0 ft=1 fh=b27f5b0a4ee3361c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\chalu_000\Zattoo - CHIP-Installer.exe"
sh=FD9F5CB8CF3CDC41487345A737F72386DA9FC090 ft=1 fh=d53322917bd5f2e9 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEDF0.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=E73EE051A0B653BE087A12CBF31000A763469566 ft=1 fh=04c163740a8804a0 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEDF0.tmp-\srbs.dll"
sh=D47A9CE0DC6766B3FF7A2B2821688613F23FBFD9 ft=1 fh=31e28f805d0d2407 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEDF0.tmp-\srbu.dll"
sh=F2C0058BDF0D4F4674ADFFF3C3D265A7C5290D87 ft=0 fh=0000000000000000 vn="Win32/Joke.EuroPrint.A potenziell unsichere Anwendung" ac=I fn="D:\Bodo-Daten\Bodo\Bodo-Anlagen_Mails\europrinter.zip"
         

Alt 26.07.2014, 18:49   #12
schrauber
/// the machine
/// TB-Ausbilder
 


  • Please download Windows Repair - All in One from tweaking.com here and install it.
  • Please disable your antivirus program (if possible).
  • Keep in mind that the individual repairs take some time. Do not start any other applications during this time.
  • Start the program and carry out steps 1-5. (See the illustrated instructions)
  • Make sure your checkboxes are set as shown under step 4.
  • Also tick "Restart/Shutdown System" and click "Restart System" before you carry out step 5.



A fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 27.07.2014, 07:57   #13
Otto II
 

Hello Schrauber,
I have carried out the Windows repair. I hope that all the pests and viruses have now been deleted and that my system is clean again.
The logs are attached below.
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2014
Ran by Administrator at 2014-07-27 08:29:20
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-07-2014 18:28:03 Windows Modules Installer
20-07-2014 11:40:40 Removed Epson Connect Printer Setup
24-07-2014 04:13:53 Garmin Express

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-07-26 23:06 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006425DB-5B51-4B6C-B8AA-A1E4CFB6BFAC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {03199A00-7820-4A48-8223-98BF4B54FCBD} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FB5E383-E7A3-44D6-AB08-3C8B1E28A63B} - \SuperLyrics-16-updater No Task File <==== ATTENTION
Task: {0FEC8C22-EB47-4E13-B62B-8F0183C8BF4B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {1AEA6B3A-4D06-4531-91AC-3DF1AACE4019} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {1DDF39B9-7542-4576-A5D1-6D3E9AA12DEE} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {265A54A5-EE3E-4BE5-8F9B-9C89167CCDD8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {29FC5DE7-7152-4711-BD33-4E54B23A485D} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {2BE7AFB0-F39C-42EA-A361-C6D6A77BBDB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32C84E47-237F-4951-88D7-17D11ED1F03F} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42B64C91-20D7-4A1F-BA88-837CFC0993A8} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20] (IObit)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49ECFB78-3464-42B5-A113-8713D9065A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {511F60F0-AA64-4730-9938-2151632EFB97} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {5AAD02D0-BCAE-4D2F-86B2-B41FEEEDCFC2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6285A475-CFE7-4411-B607-B32370C9534A} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {653CC1D7-4638-4DA1-B3AF-74C5188BA9AB} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {687D19A4-FCFA-429A-9794-34325E00C363} - \DealPly No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B2725A6-F626-416D-A4C5-3853AF804B06} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {6D8CB9D3-B420-4347-8C0E-972036339A1A} - \SuperLyrics-16-enabler No Task File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E95863C-874F-4DC7-8328-5737E5D19515} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {743D1D12-2DC1-478F-AFB4-DBED4D122C55} - System32\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A87875B-CBEE-4986-9E4C-05EBD9B37C2E} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2 No Task File <==== ATTENTION
Task: {8325AD8F-FF1A-4616-B617-D738AFEFB313} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3 No Task File <==== ATTENTION
Task: {8519767A-19C4-4DD2-854B-43212FB1FAAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AEF9D29-F702-465E-BF39-29C551BE30FF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9495029F-BB49-4089-87C0-FF66734C1C3C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {9892AEC1-E056-450C-AF9E-D1588355490D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {98E32370-9469-4A6E-8724-CB47D7457060} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1 No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A063F511-9675-436F-B483-4920ADFAA13E} - System32\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A2397A80-085E-4A4F-BFAB-7C5A3983DF41} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {A29F379A-C877-45C1-8CDB-BEBE5D16A1B1} - \GS.Enabler-S-926685765 No Task File <==== ATTENTION
Task: {AE2531E5-E6D5-4ED8-81FB-EA0F7FF0EAA0} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {BA80C40D-8AF8-48B0-9C51-384B98B3BF96} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {BCA9EA7D-2D28-4E07-B845-5949E042FCB8} - \Re-markit Update No Task File <==== ATTENTION
Task: {BCFBE945-7857-436D-BCCF-BAF0621B1B90} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C11E1C09-62F6-45C3-B03D-E08BD45CCA77} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1748FE1-6362-4253-8679-BDDA62E04F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCBF1AF5-8F07-41AC-846B-ADFD42D186B5} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {DE5D0EB2-5962-4889-A1E9-8690421008B6} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E01B37C4-DC66-4891-8ADA-0345717C29C3} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4 No Task File <==== ATTENTION
Task: {E2F64592-3402-41A7-837D-8CEA54C8FA01} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {E370A746-D5B2-4991-A749-E76724EA1540} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-03-21] (SEC)
Task: {E6906670-3FBE-4A79-96DC-FAF5CCD9CC69} - \MySearchDial No Task File <==== ATTENTION
Task: {E69A9069-CA2F-4AF4-89E0-A80950C7C058} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E80AAB2A-6C66-430D-8929-3BD35162472F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {E8F4C848-A4FC-472A-83FC-FAED01752288} - \SuperLyrics-16-codedownloader No Task File <==== ATTENTION
Task: {F1A2055F-4195-4BCC-99B0-785D4534FD2E} - \LaunchApp No Task File <==== ATTENTION
Task: {F24ED9CE-BE08-4A05-9B0F-DB79214B1CD2} - \Re-markit_wd No Task File <==== ATTENTION
Task: {F98DD335-8F0C-43FE-9124-B80B657BB66A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-01] ()
Task: {FA9C1462-853C-4475-BBC2-BF87C340D79B} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => c:\programdata\softwarehouse\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-02-19 00:21 - 2013-11-11 05:27 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-04-05 08:22 - 2013-04-07 13:37 - 00081920 _____ () C:\Program Files (x86)\TraXEx\Integration\CppShellExtContextMenuHandler.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-11-30 01:20 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-31 19:39 - 2014-05-31 19:39 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-05-31 19:39 - 2014-05-31 19:39 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-11-04 18:54 - 2011-01-31 09:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-22 18:37 - 2014-07-22 18:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Bodo\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12469

Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12469

Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 2.1.25.4, Zeitstempel: 0x533e60a9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Vollständiger Name des fehlerhaften Pakets: SWMAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SWMAgent.exe5

Error: (07/26/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasyLauncher.exe, Version: 2.0.0.10, Zeitstempel: 0x52e7528a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xEasyLauncher.exe0
Pfad der fehlerhaften Anwendung: EasyLauncher.exe1
Pfad des fehlerhaften Moduls: EasyLauncher.exe2
Berichtskennung: EasyLauncher.exe3
Vollständiger Name des fehlerhaften Pakets: EasyLauncher.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasyLauncher.exe5

Error: (07/26/2014 11:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasySettingsCmdServer.exe, Version: 0.0.0.0, Zeitstempel: 0x52e75292
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.460, Zeitstempel: 0x4db13576
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008cb95
ID des fehlerhaften Prozesses: 0x1c08
Startzeit der fehlerhaften Anwendung: 0xEasySettingsCmdServer.exe0
Pfad der fehlerhaften Anwendung: EasySettingsCmdServer.exe1
Pfad des fehlerhaften Moduls: EasySettingsCmdServer.exe2
Berichtskennung: EasySettingsCmdServer.exe3
Vollständiger Name des fehlerhaften Pakets: EasySettingsCmdServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasySettingsCmdServer.exe5

Error: (07/26/2014 11:45:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Repair_Windows.exe, Version: 2.8.0.3, Zeitstempel: 0x53cd57cb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x77681a91
ID des fehlerhaften Prozesses: 0x1bac
Startzeit der fehlerhaften Anwendung: 0xRepair_Windows.exe0
Pfad der fehlerhaften Anwendung: Repair_Windows.exe1
Pfad des fehlerhaften Moduls: Repair_Windows.exe2
Berichtskennung: Repair_Windows.exe3
Vollständiger Name des fehlerhaften Pakets: Repair_Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Repair_Windows.exe5

Error: (07/26/2014 11:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Repair_Windows.exe, Version: 2.8.0.3, Zeitstempel: 0x53cd57cb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1bac
Startzeit der fehlerhaften Anwendung: 0xRepair_Windows.exe0
Pfad der fehlerhaften Anwendung: Repair_Windows.exe1
Pfad des fehlerhaften Moduls: Repair_Windows.exe2
Berichtskennung: Repair_Windows.exe3
Vollständiger Name des fehlerhaften Pakets: Repair_Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Repair_Windows.exe5

Error: (07/26/2014 11:04:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (07/26/2014 11:04:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.


System errors:
=============
Error: (07/26/2014 11:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (07/26/2014 11:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/26/2014 11:44:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:44:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-26 23:47:58.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8079.37 MB
Available physical RAM: 5887.62 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 13900.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:829.31 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D6ABA6F2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Hello Schrauber,

attached is the Addition file
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2014
Ran by Administrator at 2014-07-27 08:29:20
Running from C:\Users\chalu_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.6.0.0128 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA Grafiktreiber 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.68 (Version: 327.68 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Schoener Fernsehen 0.0.0.1 (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.1 - © schoener-fernsehen.com)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-07-2014 18:28:03 Windows Modules Installer
20-07-2014 11:40:40 Removed Epson Connect Printer Setup
24-07-2014 04:13:53 Garmin Express

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-07-26 23:06 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {006425DB-5B51-4B6C-B8AA-A1E4CFB6BFAC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {03199A00-7820-4A48-8223-98BF4B54FCBD} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FB5E383-E7A3-44D6-AB08-3C8B1E28A63B} - \SuperLyrics-16-updater No Task File <==== ATTENTION
Task: {0FEC8C22-EB47-4E13-B62B-8F0183C8BF4B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {1AEA6B3A-4D06-4531-91AC-3DF1AACE4019} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {1DDF39B9-7542-4576-A5D1-6D3E9AA12DEE} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {265A54A5-EE3E-4BE5-8F9B-9C89167CCDD8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {29FC5DE7-7152-4711-BD33-4E54B23A485D} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {2BE7AFB0-F39C-42EA-A361-C6D6A77BBDB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {32C84E47-237F-4951-88D7-17D11ED1F03F} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42B64C91-20D7-4A1F-BA88-837CFC0993A8} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20] (IObit)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49ECFB78-3464-42B5-A113-8713D9065A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {511F60F0-AA64-4730-9938-2151632EFB97} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {5AAD02D0-BCAE-4D2F-86B2-B41FEEEDCFC2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6285A475-CFE7-4411-B607-B32370C9534A} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {653CC1D7-4638-4DA1-B3AF-74C5188BA9AB} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {687D19A4-FCFA-429A-9794-34325E00C363} - \DealPly No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B2725A6-F626-416D-A4C5-3853AF804B06} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {6D8CB9D3-B420-4347-8C0E-972036339A1A} - \SuperLyrics-16-enabler No Task File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E95863C-874F-4DC7-8328-5737E5D19515} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {743D1D12-2DC1-478F-AFB4-DBED4D122C55} - System32\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A87875B-CBEE-4986-9E4C-05EBD9B37C2E} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2 No Task File <==== ATTENTION
Task: {8325AD8F-FF1A-4616-B617-D738AFEFB313} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3 No Task File <==== ATTENTION
Task: {8519767A-19C4-4DD2-854B-43212FB1FAAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AEF9D29-F702-465E-BF39-29C551BE30FF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9495029F-BB49-4089-87C0-FF66734C1C3C} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {9892AEC1-E056-450C-AF9E-D1588355490D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {98E32370-9469-4A6E-8724-CB47D7457060} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1 No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A063F511-9675-436F-B483-4920ADFAA13E} - System32\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A2397A80-085E-4A4F-BFAB-7C5A3983DF41} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {A29F379A-C877-45C1-8CDB-BEBE5D16A1B1} - \GS.Enabler-S-926685765 No Task File <==== ATTENTION
Task: {AE2531E5-E6D5-4ED8-81FB-EA0F7FF0EAA0} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {BA80C40D-8AF8-48B0-9C51-384B98B3BF96} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {BCA9EA7D-2D28-4E07-B845-5949E042FCB8} - \Re-markit Update No Task File <==== ATTENTION
Task: {BCFBE945-7857-436D-BCCF-BAF0621B1B90} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {C11E1C09-62F6-45C3-B03D-E08BD45CCA77} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1748FE1-6362-4253-8679-BDDA62E04F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-19] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCBF1AF5-8F07-41AC-846B-ADFD42D186B5} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {DE5D0EB2-5962-4889-A1E9-8690421008B6} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E01B37C4-DC66-4891-8ADA-0345717C29C3} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4 No Task File <==== ATTENTION
Task: {E2F64592-3402-41A7-837D-8CEA54C8FA01} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {E370A746-D5B2-4991-A749-E76724EA1540} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-03-21] (SEC)
Task: {E6906670-3FBE-4A79-96DC-FAF5CCD9CC69} - \MySearchDial No Task File <==== ATTENTION
Task: {E69A9069-CA2F-4AF4-89E0-A80950C7C058} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E80AAB2A-6C66-430D-8929-3BD35162472F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {E8F4C848-A4FC-472A-83FC-FAED01752288} - \SuperLyrics-16-codedownloader No Task File <==== ATTENTION
Task: {F1A2055F-4195-4BCC-99B0-785D4534FD2E} - \LaunchApp No Task File <==== ATTENTION
Task: {F24ED9CE-BE08-4A05-9B0F-DB79214B1CD2} - \Re-markit_wd No Task File <==== ATTENTION
Task: {F98DD335-8F0C-43FE-9124-B80B657BB66A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-01] ()
Task: {FA9C1462-853C-4475-BBC2-BF87C340D79B} - \d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {3DA0DC70-36AC-4C0C-AAF8-C5D7026B1C94}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002Core.job => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-885508780-3488564519-4253053766-1002UA.job => C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GS.Enabler-S-926685765.job => c:\programdata\softwarehouse\gs.enabler\GS.Enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-02-19 00:21 - 2013-11-11 05:27 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-04-05 08:22 - 2013-04-07 13:37 - 00081920 _____ () C:\Program Files (x86)\TraXEx\Integration\CppShellExtContextMenuHandler.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-11-30 01:20 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-31 19:39 - 2014-05-31 19:39 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-05-31 19:39 - 2014-05-31 19:39 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-11-04 18:54 - 2011-01-31 09:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-22 18:37 - 2014-07-22 18:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Bodo\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\chalu_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AudialsNotifier => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: Google Update => "C:\Users\Bodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ManyCam => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
MSCONFIG\startupreg: OMESupervisor => C:\Users\Bodo\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12469

Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12469

Error: (07/27/2014 03:23:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 2.1.25.4, Zeitstempel: 0x533e60a9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Vollständiger Name des fehlerhaften Pakets: SWMAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SWMAgent.exe5

Error: (07/26/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasyLauncher.exe, Version: 2.0.0.10, Zeitstempel: 0x52e7528a
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xEasyLauncher.exe0
Pfad der fehlerhaften Anwendung: EasyLauncher.exe1
Pfad des fehlerhaften Moduls: EasyLauncher.exe2
Berichtskennung: EasyLauncher.exe3
Vollständiger Name des fehlerhaften Pakets: EasyLauncher.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasyLauncher.exe5

Error: (07/26/2014 11:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EasySettingsCmdServer.exe, Version: 0.0.0.0, Zeitstempel: 0x52e75292
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.460, Zeitstempel: 0x4db13576
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008cb95
ID des fehlerhaften Prozesses: 0x1c08
Startzeit der fehlerhaften Anwendung: 0xEasySettingsCmdServer.exe0
Pfad der fehlerhaften Anwendung: EasySettingsCmdServer.exe1
Pfad des fehlerhaften Moduls: EasySettingsCmdServer.exe2
Berichtskennung: EasySettingsCmdServer.exe3
Vollständiger Name des fehlerhaften Pakets: EasySettingsCmdServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EasySettingsCmdServer.exe5

Error: (07/26/2014 11:45:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Repair_Windows.exe, Version: 2.8.0.3, Zeitstempel: 0x53cd57cb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x77681a91
ID des fehlerhaften Prozesses: 0x1bac
Startzeit der fehlerhaften Anwendung: 0xRepair_Windows.exe0
Pfad der fehlerhaften Anwendung: Repair_Windows.exe1
Pfad des fehlerhaften Moduls: Repair_Windows.exe2
Berichtskennung: Repair_Windows.exe3
Vollständiger Name des fehlerhaften Pakets: Repair_Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Repair_Windows.exe5

Error: (07/26/2014 11:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Repair_Windows.exe, Version: 2.8.0.3, Zeitstempel: 0x53cd57cb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1bac
Startzeit der fehlerhaften Anwendung: 0xRepair_Windows.exe0
Pfad der fehlerhaften Anwendung: Repair_Windows.exe1
Pfad des fehlerhaften Moduls: Repair_Windows.exe2
Berichtskennung: Repair_Windows.exe3
Vollständiger Name des fehlerhaften Pakets: Repair_Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Repair_Windows.exe5

Error: (07/26/2014 11:04:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageModificationEvent" zu registrieren, deren Zielklasse "MSFT_StorageModificationEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (07/26/2014 11:04:04 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "StorageWMI" wurde versucht, die Abfrage "select * from MSFT_StorageDepartureEvent" zu registrieren, deren Zielklasse "MSFT_StorageDepartureEvent" im Namespace "//./root/Microsoft/Windows/Storage" nicht vorhanden ist. Die Abfrage wird ignoriert.


System errors:
=============
Error: (07/26/2014 11:47:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (07/26/2014 11:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webporpoise" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/26/2014 11:44:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:44:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/26/2014 11:09:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Tweaking Run As System Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-26 23:47:58.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8079.37 MB
Available physical RAM: 5887.62 MB
Total Pagefile: 16271.38 MB
Available Pagefile: 13900.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:904.12 GB) (Free:829.31 GB) NTFS
Drive d: (LW D Daten) (Fixed) (Total:931.51 GB) (Free:829.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D6ABA6F2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

27.07.2014, 13:46   #14
schrauber
/// the machine
/// TB trainer

Are there still any problems? Please post a fresh FSS log file.
__________________
Regards,
schrauber


28.07.2014, 21:26   #15
Otto II

Hello Schrauber,
I thought I had already posted a current FSS log for you. My mistake, apparently I hadn't after all.
Problems: I checked the computer with Malwarebytes. According to the program, the viruses are still present.
Should I reinstall the system?
Here is the FSS log as requested.
Best regards, Otto
Code:
ATTFilter
Farbar Service Scanner Version: 21-07-2014
Ran by chalu_000 (ATTENTION: The logged in user is not administrator) on 28-07-2014 at 22:04:16
Running from "C:\Users\chalu_000\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         
For your information:
I checked the system with Malwarebytes.
Regards, Otto
