Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Notebook langsam und eingeschränkt (https://www.trojaner-board.de/160207-windows-8-notebook-langsam-eingeschraenkt.html)

Iraklis 29.10.2014 14:57
Windows 8: Notebook langsam und eingeschränkt
 
Guten Tag,

Seit ca. 1 Woche funktioniert mein Asus Notebook (Windows 8) nicht wie gewohnt:

  • Das Notebook ist sehr langsam
  • Programme, Bilder, Video lassen sich nur öffnen, nur wenn man "als Administrator ausführen" drückt
  • Webbrowser langsam, voller Werbung und stürzt nach kurzer Zeit ab.

Ich bin der "Anleitung für Hilfesuchende bei Trojaner- und Virenbefall" gefolgt und einigen Tipps im Internet. Im Anhang findet Ihr die Logs.
ESET, Malwarebytes Anti-Malware, JRT und Combofix findet Ihr um Anhang.

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-29 14:34:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000035 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Asus\AppData\Local\Temp\fxtcypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\Explorer.exe[3216] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                      000007f822741532 4 bytes [74, 22, F8, 07]
.text  C:\Windows\Explorer.exe[3216] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                      000007f82274153a 4 bytes [74, 22, F8, 07]
.text  C:\Windows\Explorer.exe[3216] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                    000007f82274165a 4 bytes [74, 22, F8, 07]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[608] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                000007f826921b32 4 bytes [92, 26, F8, 07]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[608] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                000007f826921b3a 4 bytes [92, 26, F8, 07]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[748] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007f832fa177a 4 bytes [FA, 32, F8, 07]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[748] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007f832fa1782 4 bytes [FA, 32, F8, 07]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[748] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 690            000007f822741532 4 bytes [74, 22, F8, 07]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[748] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 698            000007f82274153a 4 bytes [74, 22, F8, 07]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[748] C:\Windows\SYSTEM32\msimg32.dll!TransparentBlt + 246          000007f82274165a 4 bytes [74, 22, F8, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [552:576]                                                                                fffff960006655e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014
Ran by Asus (administrator) on SULAMISA on 29-10-2014 11:21:52
Running from F:\
Loaded Profile: Asus (Available profiles: Asus)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(DVDVideoSoft Ltd.) C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16455_none_624a7aa150f57306\TiWorker.exe
(Malwarebytes Corporation                                    ) F:\mbam-setup-2.0.3.1025.exe
() C:\Users\Asus\AppData\Local\temp\is-C1FEI.tmp\mbam-setup-2.0.3.1025.tmp
(Malwarebytes Corporation                                    ) F:\mbam-setup-2.0.3.1025.exe
() C:\Users\Asus\AppData\Local\temp\is-AO16D.tmp\mbam-setup-2.0.3.1025.tmp


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-14] ()
HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-480692169-2859508237-3514454044-1001\...\Run: [InetStat] => C:\Users\Asus\AppData\Roaming\InetStat\inetstat.exe [702478 2014-10-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Users\Asus\AppData\Local\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\Asus\AppData\Local\StormWatch\StormWatchApp.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13837;https=127.0.0.1:13837
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Browsers+Apps+1.1 - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\wrigtdamon@yahoo.com [2014-10-19]
FF Extension: Shopping Helper Smartbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\{1a3e798c-998b-1943-0c7f-8fd69ced1164} [2014-10-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\Asus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google-Suche) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Browsers+Apps+1.1) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago [2014-10-19]
CHR Extension: (Krab Web) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg [2014-10-19]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 rcores; C:\Windows\rcore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 11:22 - 2014-10-29 11:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 11:21 - 2014-10-29 11:21 - 00000000 ____D () C:\FRST
2014-10-29 11:20 - 2014-10-29 11:20 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 _____ () C:\Users\Asus\defogger_reenable
2014-10-29 11:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 11:20 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 11:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 23:59 - 2014-10-28 23:59 - 00001490 _____ () C:\Users\Asus\Desktop\Mozilla Firefox.lnk
2014-10-28 23:48 - 2014-10-28 23:48 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 23:48 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 23:46 - 2014-10-29 10:51 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 23:46 - 2014-10-28 23:51 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 23:46 - 2014-10-28 23:46 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-28 23:46 - 2014-10-28 23:46 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-28 23:45 - 2014-10-28 23:47 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 23:44 - 2014-10-28 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 23:31 - 2014-10-28 23:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 23:31 - 2014-10-28 23:31 - 00001266 _____ () C:\Users\Asus\Desktop\Revo Uninstaller.lnk
2014-10-28 23:31 - 2014-10-28 23:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-28 22:22 - 2014-10-28 22:22 - 00000000 ____D () C:\Users\Asus\AppData\Local\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 22:12 - 2014-10-28 22:12 - 02347384 _____ (ESET) C:\Users\Asus\Downloads\esetsmartinstaller_deu.exe
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 21:50 - 2014-10-28 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:46 - 2014-10-28 21:46 - 00033939 _____ () C:\ComboFix.txt
2014-10-28 21:38 - 2014-10-28 21:38 - 00003720 ____N () C:\bootsqm.dat
2014-10-28 21:19 - 2014-10-28 21:21 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-10-28 21:18 - 2014-10-28 21:46 - 00000000 ____D () C:\Qoobox
2014-10-28 21:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 21:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 21:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 21:17 - 2014-10-28 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-28 19:41 - 2014-10-28 21:21 - 00003334 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-10-28 19:41 - 2014-10-28 21:21 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-28 19:41 - 2014-10-28 19:41 - 00000000 _____ () C:\autoexec.bat
2014-10-28 19:41 - 2012-06-22 12:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-28 19:40 - 2014-10-28 19:41 - 00000000 ____D () C:\sh4ldr
2014-10-28 19:40 - 2014-10-28 19:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-28 19:39 - 2014-10-28 19:41 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-26 16:51 - 2014-10-26 16:51 - 00002625 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-26 16:39 - 2014-10-26 16:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 15:53 - 2014-10-20 15:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Probit Software
2014-10-19 21:08 - 2014-10-19 21:08 - 00000000 __SHD () C:\Users\Asus\AppData\Roaming\AnyProtectEx
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\InetStat
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-19 19:41 - 2014-10-26 17:06 - 00003240 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-10-19 19:38 - 2014-10-29 11:04 - 00001346 _____ () C:\Windows\Tasks\MQQ.job
2014-10-19 19:38 - 2014-10-19 19:38 - 00004350 _____ () C:\Windows\System32\Tasks\MQQ
2014-10-19 19:38 - 2014-10-19 19:38 - 00000000 ____D () C:\Users\Asus\AppData\Local\com
2014-10-19 19:37 - 2014-10-28 23:00 - 00001352 _____ () C:\Windows\Tasks\TSLPBY.job
2014-10-19 19:37 - 2014-10-26 16:39 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-19 19:37 - 2014-10-19 19:37 - 00004358 _____ () C:\Windows\System32\Tasks\TSLPBY
2014-10-19 19:36 - 2014-10-28 23:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-19 19:36 - 2014-10-19 19:36 - 00004024 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-10-19 19:35 - 2014-10-19 19:35 - 00001334 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hilfe.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001284 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-10-19 19:34 - 2014-10-28 22:27 - 00000000 ____D () C:\Users\Asus\AppData\Local\StormWatch
2014-10-19 19:34 - 2014-10-28 21:29 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-10-19 19:34 - 2014-10-19 19:34 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-10-19 19:34 - 2014-10-19 19:34 - 00000000 ____D () C:\Users\Asus\AppData\Local\Weather_Protector_LLC
2014-10-19 19:34 - 2014-10-19 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-19 19:33 - 2014-10-19 19:33 - 01230800 _____ () C:\Users\Asus\Downloads\Player.exe
2014-10-19 17:19 - 2014-10-19 17:19 - 00308066 ____N () C:\Users\Asus\Desktop\steuer 1.zip
2014-10-19 16:49 - 2014-10-19 16:49 - 00308066 _____ () C:\Users\Asus\Documents\steuer 1.zip
2014-10-19 11:55 - 2014-10-19 11:55 - 00002216 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-10-19 11:52 - 2014-10-19 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014
2014-09-29 10:58 - 2014-09-29 10:58 - 00000338 _____ () C:\Users\Asus\Downloads\umsatz-5497________4837-20140929.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 11:21 - 2013-09-12 19:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 11:21 - 2013-05-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 11:21 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-29 11:20 - 2012-11-28 20:58 - 00000000 ____D () C:\Users\Asus
2014-10-29 11:08 - 2012-10-28 21:05 - 01545375 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-29 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-29 10:56 - 2012-11-28 21:08 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-480692169-2859508237-3514454044-1001
2014-10-29 10:39 - 2012-12-03 21:18 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job
2014-10-29 00:12 - 2013-01-17 17:29 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-10-28 23:45 - 2014-08-19 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 23:35 - 2013-01-18 10:47 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Mozilla
2014-10-28 23:26 - 2013-01-17 17:33 - 00000000 ____D () C:\Users\Asus\AppData\Local\Citrix
2014-10-28 23:23 - 2012-11-28 21:41 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Samsung
2014-10-28 23:23 - 2012-11-28 21:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-28 23:23 - 2012-10-28 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-28 23:07 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-10-28 23:07 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-10-28 23:07 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 22:59 - 2012-08-02 14:24 - 00110932 _____ () C:\Windows\PFRO.log
2014-10-28 22:59 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 22:14 - 2012-12-01 22:47 - 00445440 ___SH () C:\Users\Asus\Downloads\Thumbs.db
2014-10-28 21:46 - 2012-11-28 21:18 - 00060416 ___SH () C:\Users\Asus\Desktop\Thumbs.db
2014-10-28 21:46 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-10-28 21:44 - 2012-11-28 21:03 - 00000500 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2014-10-28 21:40 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 21:30 - 2012-07-26 06:26 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 11796480 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-28 19:38 - 2012-07-26 08:21 - 00040201 _____ () C:\Windows\setupact.log
2014-10-28 19:15 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-10-20 14:08 - 2012-07-26 06:26 - 00000322 _____ () C:\Windows\win.ini
2014-10-19 21:45 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-19 19:35 - 2012-11-28 21:02 - 00001678 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 15:55 - 2014-05-22 10:33 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-10-19 11:56 - 2014-05-22 10:37 - 00000086 _____ () C:\Windows\wiso.ini
2014-10-19 11:49 - 2014-05-22 10:33 - 00000000 ____D () C:\Program Files (x86)\Buhl finance
2014-10-06 20:53 - 2012-11-28 21:04 - 00000000 ____D () C:\Users\Asus\Documents\Bluetooth Folder
2014-09-29 09:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\temp\InstHelper.exe
C:\Users\Asus\AppData\Local\temp\sqlite3.dll
C:\Users\Asus\AppData\Local\temp\TUUUninstallHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 18:29

==================== End Of Log ============================
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014
Ran by Asus at 2014-10-29 11:25:06
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ESET NOD32 Antivirus (HKLM\...\{9EEE5827-F6A6-447E-9839-6AFAF6FCC442}) (Version: 8.0.304.4 - ESET, spol s r. o.)
Free YouTube to MP3 Converter version 3.12.10.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.10.812 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
t@x 2014 (HKLM-x32\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-10-2014 22:20:39 Removed Samsung Kies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-10-28 21:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16E5B35A-9673-4EBA-AC90-F5C1AC37D25C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {198289B7-27B3-433F-A1AE-048EEB9446EF} - \ASP No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1DB76B47-E148-42F2-9A24-56103C6A1E36} - System32\Tasks\TSLPBY => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {290F9B47-4D28-4ACE-B05D-65D91366D80B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {2AEB5209-E996-49B9-B969-283E0BEFCB5A} - System32\Tasks\MQQ => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: {319D5422-1575-4C94-A9E1-E2BFD6DD8179} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4DB4AB46-84A8-4455-A412-E3ADE4562157} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {6683D72B-CB05-4A63-8E43-01E58C43C823} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {82C0FFFC-9BB3-413D-9992-64E9D3B76791} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {83635A10-A158-452F-8895-974DE7A6437E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {858D59E1-266D-460C-9E46-8CF60F77710F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {AED13FBC-9100-4FD8-96AF-DB95EEF51877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {B2800EDA-3D78-4BB3-AADC-AFFCFBABA640} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8 => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {BECC9953-7B9D-46D7-80E9-3C624A30D1EE} - System32\Tasks\Google Updater and Installer => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C73C5D15-F828-427B-B98E-5DB5AFC6C104} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D5825BB9-C269-4890-B2CE-B6B4000D3427} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {E1121F6C-B7B9-4B67-950E-2FE068AEFE7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {E55102B7-1977-408C-B9B8-B576429B1E11} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E7294B90-9506-4D87-B3E6-9BADFE97F208} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F9E7068A-E805-4258-9A1F-0932E11DEEA2} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MQQ.job => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TSLPBY.job => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-10-19 11:52 - 2013-10-30 16:45 - 00587856 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 09572944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-10-19 11:49 - 2013-10-30 16:46 - 03674192 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00308816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00321616 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00034896 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 02467408 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 01043456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00250368 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00136272 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01855568 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01904208 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00094720 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 04277840 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01396816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 05019728 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01666128 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01786448 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01624144 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01125456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01316944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01278544 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 06818384 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01266768 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01322064 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-10-28 20:47 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-16 23:22 - 2013-08-13 20:23 - 00233984 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\DVDVideoSoft.Resources.dll
2013-08-16 23:22 - 2013-06-10 17:12 - 00032768 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\de-DE\DVDVideoSoft.Resources.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "KiesPreload"
HKCU\...\StartupApproved\Run: => "KiesAirMessage"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "NTRedirect"
HKCU\...\StartupApproved\Run: => ""
HKCU\...\StartupApproved\Run: => "Easy Speed PC"
HKCU\...\StartupApproved\Run: => "EasySpeedCheck"
HKCU\...\StartupApproved\Run: => "Browser Infrastructure Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-480692169-2859508237-3514454044-500 - Administrator - Disabled)
Asus (S-1-5-21-480692169-2859508237-3514454044-1001 - Administrator - Enabled) => C:\Users\Asus
Gast (S-1-5-21-480692169-2859508237-3514454044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-480692169-2859508237-3514454044-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 11:03:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a04

Startzeit: 01cff35f5f68ce34

Endzeit: 0

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: cd09902e-5f52-11e4-beab-dc85de7829e6

Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo

Error: (10/29/2014 00:12:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x036b4e50
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:58:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x68a28482
ID des fehlerhaften Prozesses: 0x11f8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x011b4e50
ID des fehlerhaften Prozesses: 0x11f8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x68a28482
ID des fehlerhaften Prozesses: 0x548
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:58:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00ed4e50
ID des fehlerhaften Prozesses: 0x548
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x68a28482
ID des fehlerhaften Prozesses: 0xba0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:57:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00424e50
ID des fehlerhaften Prozesses: 0xba0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x68a28482
ID des fehlerhaften Prozesses: 0x2c4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/28/2014 11:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00ec4e50
ID des fehlerhaften Prozesses: 0x2c4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5


System errors:
=============
Error: (10/29/2014 10:49:32 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/29/2014 10:48:32 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/29/2014 10:43:19 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/29/2014 00:19:48 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/28/2014 11:43:11 PM) (Source: DCOM) (EventID: 10010) (User: SulaMisa)
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (10/28/2014 11:36:29 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/28/2014 11:36:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/28/2014 11:36:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (10/28/2014 11:00:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "rcores" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (10/28/2014 10:28:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "rcores" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (10/29/2014 11:03:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.16420a0401cff35f5f68ce340C:\Windows\system32\wwahost.execd09902e-5f52-11e4-beab-dc85de7829e6Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo

Error: (10/29/2014 00:12:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a5036b4e50118401cff304943e93b0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknownd2e7dc1d-5ef7-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:58:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000568a2848211f801cff302a4ba2fecC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowne3388d81-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a5011b4e5011f801cff302a4ba2fecC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowne2776c7a-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000568a2848254801cff3029fc8cfa0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowndddac2a0-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:58:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a500ed4e5054801cff3029fc8cfa0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowndd869c01-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000568a28482ba001cff3029d15ae7eC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowndbb2877b-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:57:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a500424e50ba001cff3029d15ae7eC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknowndad1dc74-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000568a284822c401cff3029c2a5a77C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknownda39a77a-5ef5-11e4-beab-dc85de7829e6

Error: (10/28/2014 11:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a500ec4e502c401cff3029c2a5a77C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknownd9e3a1bc-5ef5-11e4-beab-dc85de7829e6


CodeIntegrity Errors:
===================================
  Date: 2014-10-28 21:29:36.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 3979.81 MB
Available physical RAM: 1587.84 MB
Total Pagefile: 4683.81 MB
Available Pagefile: 2317.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:108.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:258.32 GB) NTFS
Drive e: (KING_OF_QUEENS_4_2) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 41A39127)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================
--- --- ---


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:21 on 29/10/2014 (Asus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Vielen Dank für eure Hilfe.

cosinus 29.10.2014 15:28
Hi und :hallo:

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Iraklis 30.10.2014 09:30
Code:
ComboFix 14-10-27.01 - Asus 28.10.2014  21:20:54.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3980.2467 [GMT 1:00]
ausgeführt von:: F:\ComboFix.exe
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Browsers+Apps+1.1\45a2385e-4baa-493c-ad51-c0df4833fd6c.dll
c:\program files (x86)\Browsers+Apps+1.1\cdc412ab-112e-4df3-b7b0-89539cc30d3b.dll
c:\program files (x86)\Easy Speed Check
c:\program files (x86)\Easy Speed Check\cwebpage.dll
c:\program files (x86)\Easy Speed Check\easyspeedcheck.exe
c:\program files (x86)\Easy Speed Check\esc.ico
c:\program files (x86)\Easy Speed Check\libcurl.dll
c:\program files (x86)\Easy Speed Check\libeay32.dll
c:\program files (x86)\Easy Speed Check\libgcc_s_dw2-1.dll
c:\program files (x86)\Easy Speed Check\libidn-11.dll
c:\program files (x86)\Easy Speed Check\libstdc++-6.dll
c:\program files (x86)\Easy Speed Check\ssleay32.dll
c:\program files (x86)\Easy Speed Check\uninstall.exe
c:\program files (x86)\Easy Speed Check\zlib1.dll
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\aff.conf
c:\program files (x86)\MyPC Backup\AlphaVSS.51.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.Common.dll
c:\program files (x86)\MyPC Backup\AWSSDK.dll
c:\program files (x86)\MyPC Backup\BackupStack.exe
c:\program files (x86)\MyPC Backup\Configuration Updater.exe
c:\program files (x86)\MyPC Backup\Crypto32.dll
c:\program files (x86)\MyPC Backup\Crypto64.dll
c:\program files (x86)\MyPC Backup\Database\mpcb_backup_conf.db
c:\program files (x86)\MyPC Backup\Database\mpcb_file_cache.db
c:\program files (x86)\MyPC Backup\Database\mpcb_queues.db
c:\program files (x86)\MyPC Backup\Database\mpcb_settings.db
c:\program files (x86)\MyPC Backup\Database\mpcb_sig_cache.db
c:\program files (x86)\MyPC Backup\de_DE.mo
c:\program files (x86)\MyPC Backup\diffstack.dll
c:\program files (x86)\MyPC Backup\es_ES.mo
c:\program files (x86)\MyPC Backup\fr_FR.mo
c:\program files (x86)\MyPC Backup\GetText.dll
c:\program files (x86)\MyPC Backup\it_IT.mo
c:\program files (x86)\MyPC Backup\LinqBridge.dll
c:\program files (x86)\MyPC Backup\log\APPLICATION.log
c:\program files (x86)\MyPC Backup\log\WAIT_HANDLES.log
c:\program files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files (x86)\MyPC Backup\MPCBClient.dll
c:\program files (x86)\MyPC Backup\MPCBContextMenu.dll
c:\program files (x86)\MyPC Backup\MPCBIconOverlays.dll
c:\program files (x86)\MyPC Backup\MyPC Backup.exe
c:\program files (x86)\MyPC Backup\mypcbackup.ico
c:\program files (x86)\MyPC Backup\ObjectListView.dll
c:\program files (x86)\MyPC Backup\pt_PT.mo
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe
c:\program files (x86)\MyPC Backup\RestartExplorer.exe
c:\program files (x86)\MyPC Backup\Service Start.exe
c:\program files (x86)\MyPC Backup\Shared Stack.dll
c:\program files (x86)\MyPC Backup\Signup Wizard.exe
c:\program files (x86)\MyPC Backup\syncicon.ico
c:\program files (x86)\MyPC Backup\syncing.ico
c:\program files (x86)\MyPC Backup\tick.ico
c:\program files (x86)\MyPC Backup\uninst.exe
c:\program files (x86)\MyPC Backup\UnRegisterExtensions.exe
c:\program files (x86)\MyPC Backup\Updater.exe
c:\program files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
c:\program files (x86)\MyPC Backup\x86\System.Data.SQLite.dll
c:\program files (x86)\Probit Software\Easy Speed PC
c:\program files (x86)\Probit Software\Easy Speed PC\EasySpeedPC.chm
c:\program files (x86)\Probit Software\Easy Speed PC\EasySpeedPC.exe
c:\program files (x86)\Probit Software\Easy Speed PC\esp.ico
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCGuard.exe
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCReminder.exe
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCSchedule.exe
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe
c:\program files (x86)\Probit Software\Easy Speed PC\file_id.diz
c:\program files (x86)\Probit Software\Easy Speed PC\German.ini
c:\program files (x86)\Probit Software\Easy Speed PC\HomePage.url
c:\program files (x86)\Probit Software\Easy Speed PC\scan.gif
c:\program files (x86)\Probit Software\Easy Speed PC\sqlite3.dll
c:\program files (x86)\Probit Software\Easy Speed PC\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
c:\programdata\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY\MyBestOffersToday.lnk
c:\programdata\SetStretch.exe
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica129e.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica129f.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica1550.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica1551.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica18d3.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica18d4.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica1962.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica1963.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica273a.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica273b.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica2b76.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica2b77.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica4839.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica483a.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica8e32.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\ica8e33.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaa2f2.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaa2f3.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icab9cd.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaf0f3.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaf41.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaf42.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaf78e.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icaf78f.ica
c:\users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\icafa1d.ica
c:\users\Asus\AppData\Local\nsj5925.tmp
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Legacy_BackupStack
-------\Legacy_BackupStack
-------\Service_BackupStack
-------\Service_BackupStack
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-28 bis 2014-10-28  ))))))))))))))))))))))))))))))
.
.
2014-10-28 20:30 . 2014-10-28 20:30        --------        d-----w-        c:\users\Asus\AppData\Local\temp
2014-10-28 20:30 . 2014-10-28 20:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-28 20:21 . 2014-10-28 20:21        --------        d-----w-        c:\program files (x86)\Enigma Software Group
2014-10-28 20:19 . 2014-10-28 20:21        --------        d-----w-        c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-10-28 20:02 . 2014-08-07 08:59        11319200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EE56F4E-116F-46FB-840E-047D02189EF6}\mpengine.dll
2014-10-28 18:41 . 2012-06-22 11:01        22704        ----a-w-        c:\windows\system32\drivers\EsgScanner.sys
2014-10-28 18:40 . 2014-10-28 18:41        --------        d-----w-        C:\sh4ldr
2014-10-28 18:40 . 2014-10-28 18:40        --------        d-----w-        c:\program files\Enigma Software Group
2014-10-28 18:39 . 2014-10-28 18:41        --------        d-----w-        c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-28 18:39 . 2014-10-28 20:19        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2014-10-26 15:51 . 2014-10-28 20:09        --------        d-----w-        c:\users\Asus\AppData\Roaming\Systweak
2014-10-26 15:51 . 2014-08-05 18:14        20328        ----a-w-        c:\windows\system32\roboot64.exe
2014-10-26 15:50 . 2014-10-26 15:50        --------        d-----w-        c:\users\Asus\AppData\Local\LPT
2014-10-26 15:50 . 2014-10-26 15:50        --------        d-----w-        c:\users\Asus\AppData\Local\Smartbar
2014-10-20 14:53 . 2014-10-20 14:53        --------        d-----w-        c:\users\Asus\AppData\Roaming\Probit Software
2014-10-19 20:08 . 2014-10-19 20:08        --------        d-----w-        c:\program files (x86)\AnyProtectEx
2014-10-19 20:08 . 2014-10-19 20:08        --------        d-sh--w-        c:\users\Asus\AppData\Roaming\AnyProtectEx
2014-10-19 19:45 . 2014-10-19 05:20        48784        ----a-w-        c:\windows\system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
2014-10-19 18:48 . 2014-10-19 18:48        --------        d-----w-        c:\users\Asus\AppData\Roaming\InetStat
2014-10-19 18:43 . 2014-10-20 13:09        --------        d-----w-        c:\program files (x86)\Krab Web
2014-10-19 18:41 . 2014-10-19 18:41        --------        d-----w-        c:\users\Asus\AppData\Roaming\Optimizer Pro
2014-10-19 18:38 . 2014-10-19 18:38        --------        d-----w-        c:\users\Asus\AppData\Local\com
2014-10-19 18:38 . 2014-10-19 18:38        1512848        ----a-w-        c:\users\Asus\AppData\Roaming\MQQ.exe
2014-10-19 18:37 . 2014-10-26 15:39        --------        d--h--w-        c:\users\Public\Temp
2014-10-19 18:37 . 2014-10-19 18:37        --------        d-----w-        c:\programdata\IePluginServices
2014-10-19 18:37 . 2014-10-19 18:37        --------        d-----w-        c:\program files (x86)\SupTab
2014-10-19 18:37 . 2014-10-19 18:37        --------        d-----w-        c:\users\Asus\AppData\Local\fastplayer
2014-10-19 18:37 . 2014-10-19 18:37        2001296        ----a-w-        c:\users\Asus\AppData\Roaming\TSLPBY.exe
2014-10-19 18:37 . 2014-10-19 18:37        --------        d-----w-        c:\programdata\WindowsMangerProtect
2014-10-19 18:36 . 2014-10-19 18:36        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-10-19 18:36 . 2014-10-19 18:36        --------        d-----w-        c:\users\Asus\AppData\Local\globalUpdate
2014-10-19 18:36 . 2014-10-28 20:29        --------        d-----w-        c:\program files (x86)\Browsers+Apps+1.1
2014-10-19 18:36 . 2014-10-19 18:36        --------        d-----w-        c:\users\Asus\AppData\Roaming\omiga-plus
2014-10-19 18:35 . 2014-10-19 18:36        --------        d-----w-        c:\program files (x86)\FastPlayer
2014-10-19 18:35 . 2014-10-19 18:35        --------        d-----w-        c:\program files (x86)\Optimizer Pro
2014-10-19 18:35 . 2014-10-28 20:40        --------        d-----w-        c:\users\Asus\AppData\Local\mbot_de_176
2014-10-19 18:35 . 2014-10-19 18:35        --------        d-----w-        c:\program files (x86)\mbot_de_176
2014-10-19 18:35 . 2014-10-18 21:00        1318912        ----a-w-        c:\windows\rcore.exe
2014-10-19 18:34 . 2014-10-19 18:34        --------        d-----w-        c:\program files (x86)\ver1NewPlayer
2014-10-19 18:34 . 2014-10-19 18:34        --------        d-----w-        c:\users\Asus\AppData\Local\Weather_Protector_LLC
2014-10-19 18:34 . 2014-10-19 18:34        --------        d-----w-        c:\users\Asus\AppData\Roaming\VOPackage
2014-10-19 18:34 . 2014-10-28 20:29        --------        d-----w-        c:\program files (x86)\Probit Software
2014-10-19 18:34 . 2014-10-19 18:34        --------        d-----w-        c:\program files (x86)\PepperZip
2014-10-19 18:34 . 2014-10-19 18:34        --------        d-----w-        c:\users\Asus\AppData\Local\StormWatch
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 15:39 . 2012-11-28 20:03        500        ----a-w-        c:\users\Asus\AppData\Roaming\sp_data.sys
2014-09-21 19:56 . 2012-07-26 08:13        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611501155}]
2014-10-19 18:38        580496        ----a-w-        c:\program files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2012-06-02 20:25        298568        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-10-19 18:37        515464        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-08-15 08:08        314264        ----a-w-        c:\program files (x86)\Delta\delta\1.8.24.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{feadf62f-aec2-46a1-a087-40149f311df9}]
2014-10-19 18:43        250096        ----a-w-        c:\program files (x86)\Krab Web\KrabWebbho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-11-12 968120]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-11-01 577536]
"InetStat"="c:\users\Asus\AppData\Roaming\InetStat\inetstat.exe" [2014-10-19 702478]
"Browser Infrastructure Helper"="c:\users\Asus\AppData\Local\Smartbar\Application\Smartbar.exe" [2014-08-27 28192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-16 5264016]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-11-12 309688]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="C:\iTunesHelper.exe" [2013-11-01 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"mbot_de_176"="c:\program files (x86)\mbot_de_176\mbot_de_176.exe" [2014-10-17 3976616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upmbot_de_176.exe"="c:\users\Asus\AppData\Local\mbot_de_176\upmbot_de_176.exe" [2014-10-17 3338720]
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
StormWatch.lnk - c:\users\Asus\AppData\Local\StormWatch\StormWatch.exe /restart [2014-8-21 160936]
StormWatchApp.lnk - c:\users\Asus\AppData\Local\StormWatch\StormWatchApp.exe [2014-9-29 1147416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-10-28 549040]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
t@x aktuell.lnk - c:\program files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe [2014-10-19 587856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64;{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64;c:\windows\system32\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys;c:\windows\SYSNATIVE\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 FastPlayerUpdaterService;FastPlayer Updater Service;c:\program files (x86)\FastPlayer\FastPlayerUpdaterService.exe;c:\program files (x86)\FastPlayer\FastPlayerUpdaterService.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NewPlayer;NewPlayer;c:\program files (x86)\ver1NewPlayer\a6Ff180.exe;c:\program files (x86)\ver1NewPlayer\a6Ff180.exe [x]
S2 rcores;rcores;c:\windows\rcore.exe;c:\windows\rcore.exe [x]
S2 servervo;VO Service component;c:\users\Asus\AppData\Roaming\VOPackage\VOsrv.exe;c:\users\Asus\AppData\Roaming\VOPackage\VOsrv.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 Update Krab Web;Update Krab Web;c:\program files (x86)\Krab Web\updateKrabWeb.exe;c:\program files (x86)\Krab Web\updateKrabWeb.exe [x]
S2 Util Krab Web;Util Krab Web;c:\program files (x86)\Krab Web\bin\utilKrabWeb.exe;c:\program files (x86)\Krab Web\bin\utilKrabWeb.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-1.job
- c:\program files (x86)\Browsers+Apps+1.1\Browsers+Apps+1.1-codedownloader.exe [2014-10-19 18:38]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-11.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-11.exe [2014-10-19 18:37]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-2.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-2.exe [2014-10-19 18:38]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-3.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-3.exe [2014-10-19 18:36]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-4.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-4.exe [2014-10-19 18:37]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-5.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-5.exe [2014-10-19 18:38]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-5_user.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-5.exe [2014-10-19 18:38]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-6.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-6.exe [2014-10-19 18:37]
.
2014-10-28 c:\windows\Tasks\6d786e30-4981-463b-9e25-28967b78032e-7.job
- c:\program files (x86)\Browsers+Apps+1.1\6d786e30-4981-463b-9e25-28967b78032e-7.exe [2014-10-19 18:37]
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12 16:21]
.
2014-10-28 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-19 18:36]
.
2014-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03 20:18]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job
- c:\users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03 20:18]
.
2014-10-28 c:\windows\Tasks\MQQ.job
- c:\users\Asus\AppData\Roaming\MQQ.exe [2014-10-19 18:38]
.
2014-10-28 c:\windows\Tasks\NewPlayer Update.job
- c:\program files (x86)\ver1NewPlayer\t0NewPlayerW38.exe [2014-10-19 18:34]
.
2014-10-28 c:\windows\Tasks\TSLPBY.job
- c:\users\Asus\AppData\Roaming\TSLPBY.exe [2014-10-19 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23        1500672        ----a-w-        c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-09-14 64640]
"ASUSQuickGesture(x86)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe" [2012-09-11 20352]
"ASUSTPLoader(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe" [2012-09-11 169856]
"ASUSQuickGesture(x64)"="c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe" [2012-09-11 22400]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-24 107192]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX&q={searchTerms}
mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX&q={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:13837;https=127.0.0.1:13837
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz75gPImXzxdzBgrBG0npbToyj6nR2zjGwMI0HuQ-I9yI7CmJPtDYiYQvOfxqFcUbROsQWuUs0KlSNfULqSBEA,,&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz75gPImXzxdzBgrBG0npbTkNfh76aYBltDownxJuQwt1TOHBdCuVnkWkN9Cj7JHXcqxx5uweIAQRUEv53BOEw,,
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz75gPImXzxdzBgrBG0npbToyj6nR2zjGwMI0HuQ-I9yI7CmJPtDYiYQvOfxqFcUbROsQWuUs0KlSNfULqSBEw,,&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Easy Speed PC - c:\program files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
Wow6432Node-HKCU-Run-EasySpeedCheck - c:\program files (x86)\Easy Speed Check\easyspeedcheck.exe
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe
Toolbar-Locked - (no file)
AddRemove-Delta Chrome Toolbar - c:\users\Asus\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
AddRemove-Easy Speed Check - c:\program files (x86)\Easy Speed Check\uninstall.exe
AddRemove-Easy Speed PC - c:\program files (x86)\Probit Software\Easy Speed PC\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\ver1NewPlayer\M7S.exe
c:\program files (x86)\SupTab\HpUI.exe
c:\program files (x86)\SupTab\Loader32.exe
c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Citrix\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-28  21:46:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-10-28 20:46
.
Vor Suchlauf: 14 Verzeichnis(se), 121.144.606.720 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 124.979.265.536 Bytes frei
.
- - End Of File - - D3A86A29088209EF8CEE5C3374E032F5
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8 x64
Ran by Asus on 28.10.2014 at 21:52:52,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 70e6ca8c
Successfully deleted: [Service] 70e6ca8c
Successfully stopped: [Service] iepluginservices
Successfully deleted: [Service] iepluginservices
Successfully stopped: [Service] servervo
Successfully deleted: [Service] servervo
Successfully stopped: [Service] windowsmangerprotect
Successfully deleted: [Service] windowsmangerprotect



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browser infrastructure helper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611501155}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622502255}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655505555}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666506655}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611501155}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622502255}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655505555}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666506655}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655505555}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666506655}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655505555}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666506655}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611501155}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}



~~~ Files

Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\bprotector web data"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\bprotectorpreferences"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_static.betterdeals00.betterdeals.co_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.golsearch.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.golsearch.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.triple-search.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www.triple-search.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www1.delta-search.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus\appdata\local\google\chrome\user data\default\local storage\http_www1.delta-search.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\iepluginservices"
Successfully deleted: [Folder] "C:\ProgramData\windowsmangerprotect"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\vopackage"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\lpt"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\onlysearch"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\anyprotectex"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Failed to delete: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Failed to delete: [Folder] "C:\Program Files (x86)\suptab"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\microsoft\windows\start menu\programs\anyprotect pc backup"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\Asus\AppData\Roaming\microsoft\windows\start menu\programs\vopackage"
Successfully deleted: [Folder] "C:\Users\Asus\documents\optimizer pro"



~~~ FireFox

Successfully deleted: [File] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\extensions\faststartff@gmail.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\faststartff@gmail.com
Successfully deleted the following from C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\prefs.js

user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz75gPIm
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz
user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22d
user_pref("extensions.crossrider.bic", "14929b63cf5313b1e9d55e600306196d");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "ac971a95000000000000dc85de7829e6");
user_pref("extensions.delta.instlDay", "15933");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.5");
user_pref("extensions.delta.vrsnTs", "1.8.24.522:49:07");
user_pref("extensions.delta.vrsni", "1.8.24.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4976");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lk
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmy1jzOTjU3bh2prfgUVUg89mWqEo_izsgD9G5gZgHZ3xz3xamVKY4k88ocCFW1Hz75gPImXzxdzBg
Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Failed to delete: [Folder] C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.10.2014 at 21:59:33,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.10.2014
Suchlauf-Zeit: 11:23:17
Logdatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.29.03
Rootkit Datenbank: v2014.10.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Asus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331825
Verstrichene Zeit: 56 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [ef8865b5c8b4eb4b504f80a232d1e020],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [651248d290ec38fe6040f82a649f29d7],
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, , [9dda5ac0a0dcff37fd2e5a4006fe956b],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-480692169-2859508237-3514454044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, , [492e1cfe106cf73f995528fb937029d7],

Registrierungswerte: 1
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\Windows\rcore.exe, , [9dda5ac0a0dcff37fd2e5a4006fe956b]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 32
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\actions, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0, , [1067130776060c2a0245021c44bf23dd],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults\preferences, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale\en-US, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn\1.5.0.0, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg, , [66111802512be0567aeb041d748f3ac6],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0, , [66111802512be0567aeb041d748f3ac6],

Dateien: 199
PUP.Optional.DomaIQ, C:\Users\Asus\AppData\Local\temp\pyxKYXXz.exe.part, , [6b0cd04a423aec4a0f4c510a2cd49868],
PUP.Optional.DomaIQ, C:\Users\Asus\Downloads\Player.exe, , [d5a28d8da7d5c373e97c5801f9078878],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormUpdater.exe, , [b5c28298700ca690944dfbd5ba47dd23],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatch.exe, , [d99e4ecce29afc3aa5e496bfee129967],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatchappuninstall.exe, , [d6a1dc3e39439c9af693d283c83818e8],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk, , [e592b763d7a50a2c053528fd72918f71],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatch.exe.config, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\ICSharpCode.SharpZipLib.dll, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormUpdater.exe.config, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatchApp.dat, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\uninstall.exe, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk, , [d1a6cc4ef488da5ce2a856423ec6cc34],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\Uninstall StormWatch.lnk, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\StormWatch.lnk, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0.localstorage, , [2552d347136992a4aa4a4157af5517e9],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0.localstorage-journal, , [db9cd44690ec95a1c232bcdcc34102fe],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\background.html, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\chromeCoreFilesIndex.txt, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\manifest.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\popup.html, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\Settings.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\manifest.xml, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\102.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\104.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\13.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\14.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\17.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\180.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\184.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\19.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\192.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\195.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\220.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\221.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\223.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\233.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\242.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\246.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\260.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\262.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\263.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\267.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\273.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\275.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\281.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\289.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\300.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\4.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\47.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\64.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\7.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\78.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\80.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\93.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\97.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode\background.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode\extension.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon128.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon16.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon48.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\actions\1.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\8c38b1867e7a37eb2684f1ff8c9e6f74.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\9849bad535bb0d405e7cd6bd6e642679.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\main.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\373b2b81a61dfc1707c7d3360da5cb7b.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\91d9e73e3608bbabdfdc5d2407460922.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\be843d0f3c49a76ff54544af0d380d5e.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\dab6a662633f5bedbd1992cc32995a33.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\e401a0135cedf4309c27e0331fcca8be.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\pageAction.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\1b773165715b8c7c195d7705997c01c2.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\2b317f6dbd559ee8ebd0aa114195a2c9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\44f21bacb6ecdd692f5574eb37c36fd1.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\68196d985e8b168b43b13825b87f2129.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\9c39e0d976d8c35a221a00f999eea6ce.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\a5ca420d400d950dfb575b5290b97aa0.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\app_api.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\b71a2d619545ba9175802831e4bd97af.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\b75a2fe3e23126cfb5fdd73f0b67b0c0.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\ba6f62b0cf7f33d6dd0b67437c4f14aa.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\cfbf0f2dc714391170ec8e45b34217d9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\f05a46c37b33f0a6d98e34d82fae3afa.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\f08519958e5bd4b96da840c5dccf0684.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\fadc6ffa5b59ea8a20242fc0a87ec1c6.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\ff9108979296864c705905ed5d2f2118.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\installer.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource\newPopup.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource\popup.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0\4, , [1067130776060c2a0245021c44bf23dd],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome.manifest, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\install.rdf, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\0717e7e0a4796065d2c6905204e074a2.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\50f49305954b10ced99018695c7ff2b1.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\5770a55e13ea7d3c118e8e70ecba3f46.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\77f17b8a0f525767928a7b22111456f2.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\b3414637c8ae06d3de06ff9547fd460c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\background.html, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\browser.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\dialog.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\f6471e91327a08e669aa0713d5495fde.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\ffCoreFilesIndex.txt, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\options.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\options.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\search_dialog.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\23730203d1e06c43d8947bbe9cf9e496.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\24e66c5d62cd16c5bf37eb4a58c81033.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\3b0e136ea10e2bef5876669b1ad4991f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\4ce00da023f15c6e9fd132deb89c78eb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\504a83c95c4afa9b4c4c135ff0183138.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\64aab36458ccb8adbd305c78d33e92ea.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\794ab3031bd0a865652a92678ffee1cc.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\798aed190c9e975c5a8bbc3d502be5b4.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\857cf623870264d7bc66aa595c4d4b9f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\94490955d3d38d40db8155f4483b7ccb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\94b4fed1e70ed9ecec19b6c309cb9e6c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\9fac30a57e10a596d7b8e8f1faa38c48.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\b1de12d6c3093f68ba046f05ead5ac39.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\d3fef9606d1cfe1d163eb40acad99027.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\f00ea27489a8eb5338e8a23e139ba907.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\fe029e65268178e261f77a8aa295f913.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\b1cb63521b3deea71e7e64419816e830.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\0aa452f3df6f3d8208869a9c55194fb5.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\1f146b5b75dfc44d262c2f1b8970dfeb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\2543acdf7fe53ff1feb1619504bd0366.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\27156196e35b51d938835ce5ff613969.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\3fade06b37c5310027e42b2a53cc7786.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\55e348ac48decf009fc2cce03697365b.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\6389bb6fdf1c88ef3258c954daebbd7a.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\8d7615d827e4b2d68752c08a54d1314a.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\a4f0a5b79d7cd7b9294b276f83b7190c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\aa19dd938a9e2b28a6661ee2e4c02cc6.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\ac77d29787b71986e5b140f832f64e9f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\b1ebdda8c1acb7f2419fa555e6a131eb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\c09515fc181084f94d1bd333df5bc8b8.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\df059e6beb77b1583bd1ca505bc2b705.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\e4f65cca16838058829fe2d6d7fac60e.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\e9c14e7e40739124a7637689f27d9b34.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\f0b5e35f956c182a437dc3bd9255d447.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\fb6c37acfc7370a149570b6b43b91db8.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\ff1af9140ef17c25231407fc679112c9.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\installer.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults\preferences\prefs.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\manifest.xml, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins.json, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\102.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\104.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\13.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\14.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\16.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\17.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\180.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\184.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\192.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\195.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\220.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\221.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\223.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\233.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\234.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\242.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\246.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\260.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\262.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\263.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\268.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\273.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\275.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\281.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\289.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\300.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\4.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\47.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\64.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\7.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\78.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\9.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\93.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode\background.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode\extension.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale\en-US\translations.dtd, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button1.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button2.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button3.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button4.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button5.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\crossrider_statusbar.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon128.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon16.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon24.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon48.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\panelarrow-up.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\popup.html, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\skin.css, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\update.css, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn\1.5.0.0\user.config, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\icon.png, , [66111802512be0567aeb041d748f3ac6],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\manifest.json, , [66111802512be0567aeb041d748f3ac6],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
Teil 1

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.10.2014
Suchlauf-Zeit: 11:23:17
Logdatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.29.03
Rootkit Datenbank: v2014.10.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Asus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331825
Verstrichene Zeit: 56 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [ef8865b5c8b4eb4b504f80a232d1e020],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [651248d290ec38fe6040f82a649f29d7],
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, , [9dda5ac0a0dcff37fd2e5a4006fe956b],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-480692169-2859508237-3514454044-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, , [492e1cfe106cf73f995528fb937029d7],

Registrierungswerte: 1
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\Windows\rcore.exe, , [9dda5ac0a0dcff37fd2e5a4006fe956b]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 32
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\actions, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0, , [1067130776060c2a0245021c44bf23dd],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults\preferences, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale\en-US, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn\1.5.0.0, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg, , [66111802512be0567aeb041d748f3ac6],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0, , [66111802512be0567aeb041d748f3ac6],

Dateien: 199
PUP.Optional.DomaIQ, C:\Users\Asus\AppData\Local\temp\pyxKYXXz.exe.part, , [6b0cd04a423aec4a0f4c510a2cd49868],
PUP.Optional.DomaIQ, C:\Users\Asus\Downloads\Player.exe, , [d5a28d8da7d5c373e97c5801f9078878],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormUpdater.exe, , [b5c28298700ca690944dfbd5ba47dd23],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatch.exe, , [d99e4ecce29afc3aa5e496bfee129967],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatchappuninstall.exe, , [d6a1dc3e39439c9af693d283c83818e8],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk, , [e592b763d7a50a2c053528fd72918f71],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatch.exe.config, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\ICSharpCode.SharpZipLib.dll, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormUpdater.exe.config, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\StormWatchApp.dat, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\StormWatch\uninstall.exe, , [64137e9c720a6fc7f645c85d966d45bb],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk, , [d1a6cc4ef488da5ce2a856423ec6cc34],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\Uninstall StormWatch.lnk, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch\StormWatch.lnk, , [4a2d8c8e4e2ee254f893f99f8b79eb15],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0.localstorage, , [2552d347136992a4aa4a4157af5517e9],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0.localstorage-journal, , [db9cd44690ec95a1c232bcdcc34102fe],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\background.html, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\chromeCoreFilesIndex.txt, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\manifest.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\popup.html, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\Settings.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\manifest.xml, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins.json, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\102.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\104.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\13.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\14.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\17.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\180.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\184.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\19.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\192.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\195.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\220.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\221.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\223.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\233.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\242.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\246.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\260.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\262.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\263.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\267.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\273.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\275.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\281.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\289.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\300.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\4.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\47.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\64.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\7.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\78.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\80.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\93.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\plugins\97.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode\background.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\extensionData\userCode\extension.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon128.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon16.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\icon48.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\icons\actions\1.png, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\8c38b1867e7a37eb2684f1ff8c9e6f74.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\9849bad535bb0d405e7cd6bd6e642679.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\main.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\373b2b81a61dfc1707c7d3360da5cb7b.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\91d9e73e3608bbabdfdc5d2407460922.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\be843d0f3c49a76ff54544af0d380d5e.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\dab6a662633f5bedbd1992cc32995a33.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\e401a0135cedf4309c27e0331fcca8be.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\api\pageAction.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\1b773165715b8c7c195d7705997c01c2.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\2b317f6dbd559ee8ebd0aa114195a2c9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],

Iraklis 30.10.2014 09:31
Code:
Teil 2

PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\44f21bacb6ecdd692f5574eb37c36fd1.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\68196d985e8b168b43b13825b87f2129.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\9c39e0d976d8c35a221a00f999eea6ce.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\a5ca420d400d950dfb575b5290b97aa0.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\app_api.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\b71a2d619545ba9175802831e4bd97af.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\b75a2fe3e23126cfb5fdd73f0b67b0c0.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\ba6f62b0cf7f33d6dd0b67437c4f14aa.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\cfbf0f2dc714391170ec8e45b34217d9.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\f05a46c37b33f0a6d98e34d82fae3afa.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\f08519958e5bd4b96da840c5dccf0684.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\fadc6ffa5b59ea8a20242fc0a87ec1c6.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\ff9108979296864c705905ed5d2f2118.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\installer.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource\newPopup.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago\1.26.12_0\js\lib\popupResource\popup.js, , [5c1b2ded106c91a565e0af6f61a2a55b],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0\4, , [1067130776060c2a0245021c44bf23dd],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome.manifest, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\install.rdf, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\0717e7e0a4796065d2c6905204e074a2.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\50f49305954b10ced99018695c7ff2b1.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\5770a55e13ea7d3c118e8e70ecba3f46.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\77f17b8a0f525767928a7b22111456f2.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\b3414637c8ae06d3de06ff9547fd460c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\background.html, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\browser.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\dialog.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\f6471e91327a08e669aa0713d5495fde.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\ffCoreFilesIndex.txt, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\options.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\options.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\search_dialog.xul, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\23730203d1e06c43d8947bbe9cf9e496.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\24e66c5d62cd16c5bf37eb4a58c81033.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\3b0e136ea10e2bef5876669b1ad4991f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\4ce00da023f15c6e9fd132deb89c78eb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\504a83c95c4afa9b4c4c135ff0183138.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\64aab36458ccb8adbd305c78d33e92ea.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\794ab3031bd0a865652a92678ffee1cc.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\798aed190c9e975c5a8bbc3d502be5b4.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\857cf623870264d7bc66aa595c4d4b9f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\94490955d3d38d40db8155f4483b7ccb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\94b4fed1e70ed9ecec19b6c309cb9e6c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\9fac30a57e10a596d7b8e8f1faa38c48.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\b1de12d6c3093f68ba046f05ead5ac39.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\d3fef9606d1cfe1d163eb40acad99027.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\f00ea27489a8eb5338e8a23e139ba907.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\api\fe029e65268178e261f77a8aa295f913.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\b1cb63521b3deea71e7e64419816e830.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\0aa452f3df6f3d8208869a9c55194fb5.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\1f146b5b75dfc44d262c2f1b8970dfeb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\2543acdf7fe53ff1feb1619504bd0366.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\27156196e35b51d938835ce5ff613969.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\3fade06b37c5310027e42b2a53cc7786.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\55e348ac48decf009fc2cce03697365b.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\6389bb6fdf1c88ef3258c954daebbd7a.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\8d7615d827e4b2d68752c08a54d1314a.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\a4f0a5b79d7cd7b9294b276f83b7190c.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\aa19dd938a9e2b28a6661ee2e4c02cc6.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\ac77d29787b71986e5b140f832f64e9f.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\b1ebdda8c1acb7f2419fa555e6a131eb.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\c09515fc181084f94d1bd333df5bc8b8.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\df059e6beb77b1583bd1ca505bc2b705.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\e4f65cca16838058829fe2d6d7fac60e.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\e9c14e7e40739124a7637689f27d9b34.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\f0b5e35f956c182a437dc3bd9255d447.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\fb6c37acfc7370a149570b6b43b91db8.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\ff1af9140ef17c25231407fc679112c9.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\chrome\content\core\installer.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\defaults\preferences\prefs.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\manifest.xml, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins.json, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\102.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\104.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\13.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\14.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\16.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\17.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\180.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\184.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\192.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\195.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\220.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\221.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\223.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\233.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\234.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\242.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\246.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\260.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\262.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\263.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\268.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\273.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\275.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\281.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\289.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\300.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\4.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\47.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\64.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\7.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\78.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\9.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\plugins\93.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode\background.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\extensionData\userCode\extension.js, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\locale\en-US\translations.dtd, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button1.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button2.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button3.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button4.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\button5.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\crossrider_statusbar.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon128.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon16.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon24.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\icon48.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\panelarrow-up.png, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\popup.html, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\skin.css, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.CrossRider.A, C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com\skin\update.css, , [84f3eb2f96e6a1951236de4014ef9e62],
PUP.Optional.StormWatch.A, C:\Users\Asus\AppData\Local\Weather_Protector_LLC\StormWatch.exe_Url_yxyfyjwhicejy2vn4ggzx12etuvuscrn\1.5.0.0\user.config, , [d1a69d7d225a47ef9773a47c1fe4cb35],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\icon.png, , [66111802512be0567aeb041d748f3ac6],
PUP.Optional.KrabWeb.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\manifest.json, , [66111802512be0567aeb041d748f3ac6],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

cosinus 30.10.2014 09:32
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Iraklis 30.10.2014 11:09
Code:
# AdwCleaner v4.002 - Bericht erstellt am 30/10/2014 um 10:01:43
# DB v
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Asus - SULAMISA
# Gestartet von : C:\Users\Asus\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v33.0.2 (x86 de)

[g1duac04.default] - Zeile gelöscht : # Mozilla User Preferences
[g1duac04.default] - Zeile gelöscht :
[g1duac04.default] - Zeile gelöscht : /* Do not edit this file.
[g1duac04.default] - Zeile gelöscht :  *
[g1duac04.default] - Zeile gelöscht :  * If you make changes to this file while the application is running,
[g1duac04.default] - Zeile gelöscht :  * the changes will be overwritten when the application exits.
[g1duac04.default] - Zeile gelöscht :  *
[g1duac04.default] - Zeile gelöscht :  * To make a manual change to preferences, you can visit the URL about:config
[g1duac04.default] - Zeile gelöscht :  */
[g1duac04.default] - Zeile gelöscht :
[g1duac04.default] - Zeile gelöscht : user_pref("accessibility.typeaheadfind.flashBar", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1414530260);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.background-update-timer", 1414530786);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1414530140);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1414536550);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1414530380);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1414530660);
[g1duac04.default] - Zeile gelöscht : user_pref("app.update.migrated.updateDir", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.bookmarks.restore_default_bookmarks", false);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.cache.disk.capacity", 358400);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size.first_run", false);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size.use_old_max", false);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size_cached_value", 358400);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.cache.frecency_experiment", 2);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.download.importedFromSqlite", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.download.manager.alertOnEXEOpen", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.download.panel.firstSessionCompleted", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.download.panel.shown", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.keywordURLPromptDeclined", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.migration.version", 22);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.newtabpage.enhanced", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.newtabpage.storageVersion", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.pagethumbnails.storage_version", 3);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.places.smartBookmarksVersion", 7);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.preferences.advanced.selectedTabIndex", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.rights.3.shown", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Yahoo! (Avast)");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Yahoo! (Avast)");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxps://de.search.yahoo.com/yhs/search");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.order.1", "Yahoo! (Avast)");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.sessionstore.enabled", true);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140716183446");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.shell.checkDefaultBrowser", false);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.slowStartup.averageTime", 16239);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.slowStartup.samples", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxps://de.yahoo.com/?fr=hp-avast&type=avastbcl");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.startup.homepage_override.buildID", "20141027150301");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.startup.homepage_override.mstone", "33.0.2");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");
[g1duac04.default] - Zeile gelöscht : user_pref("browser.uitour.whitelist.add.260", "");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1411979055703");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1414530085049");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1414530166785");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1414616566785");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.healthreport.service.firstRun", true);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1365708331457");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1365710274409");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-info-bar-dismissed");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.policy.firstRunTime", "1365225474145");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.activeTicks", 32);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.clean", true);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.firstPaint", 14307);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.main", 4594);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.sessionRestored", 16326);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.startTime", "1414537548075");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.totalTime", 376);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.currentIndex", 287);
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.previous.285", "{\"s\":1414531142853,\"a\":36,\"t\":351,\"c\":true,\"m\":4440,\"fp\":9889,\"sr\":10261}");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.previous.286", "{\"s\":1414536426349,\"a\":28,\"t\":667,\"c\":true,\"m\":658,\"fp\":2271,\"sr\":20672}");
[g1duac04.default] - Zeile gelöscht : user_pref("datareporting.sessions.prunedIndex", 282);
[g1duac04.default] - Zeile gelöscht : user_pref("dom.mozApps.used", true);
[g1duac04.default] - Zeile gelöscht : user_pref("dom.w3c_touch_events.expose", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.Krab Web.asul", "1414530033794");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.Krab Web.aul", "1414530022236");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.Krab Web.irl", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.Krab Web.is", "mnmp1de");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.Krab Web.ug", "C78ABC59-C37F-4122-BE67-98B35BCDF63D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.autoDisableScopes", 14);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.InstallationThankYouPage", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.InstallationTime", 1413743757);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.active", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.addressbar", "NA");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.addressbarenhanced", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.asyncdb.was_copied", "true");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.asyncinternaldb.was_copied", "true");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.backgroundver", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.certdomaininstaller", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.changeprevious", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallationTime.value", "%221413743757%22");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22verticals-%22%2C%22uzid%22%3A%220%22%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.description", "Enhancing browsing experience");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.domain", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.enablesearch", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.homepage", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.iframe", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%226922C6E0172F4794B73A90184002265CIE%22%2C%22installer_verifier%22%3A%229bac84c4[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22verticals-%22%2C%22uzid%22%3A%220%22%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002143%22%2C%22sub_id%22%3A%22verticals-%22%2C%22uzid%22%3A%220%22%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%226922C6E0172F4794B73A90184002265CIE%22%2C%22installer_verifier%22%3A%2[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_appVer.value", "18");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_lastVersion.value", "2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_meta.value", "%7B%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_nextCheck.expiration", "Wed Oct 29 2014 04:00:26 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_nextCheck.value", "true");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.Resources_queue.value", "%7B%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__blacklist_domain.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropologie.com[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__global_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__global_rules.value", "%5B%7B%22rules%22%3A%7B%22delay_between_ads_in_seconds%22%3A240%2C%22initial_day_delay_in_seconds%22%3[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__global_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__global_rules_verion.value", "7");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__last_daily_visit.expiration", "Wed Oct 29 2014 05:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__last_daily_visit.value", "1414537085799");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__marketing_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__marketing_rules.value", "%7B%22rules%22%3A%5B%7B%22ad_type%22%3A%22siteunder%22%2C%22percent%22%3A0%2C%22size%22%3A%5B%7B%22[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__marketing_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__marketing_rules_verion.value", "56");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__pages_visited_count.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__pages_visited_count.value", "2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__pagevies_count_29.9.2014.expiration", "Sat Nov 08 2014 05:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__pagevies_count_29.9.2014.value", "2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__verions_data.expiration", "Wed Oct 29 2014 05:58:05 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__ICM_LITE__verions_data.value", "%7B%22global_rules_version%22%3A7%2C%22marketing_rules_version%22%3A56%2C%22next_check_in_seconds%22%3[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.__defualt_browser__.value", "%22ch%22");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%226922C6E0172F4794B73A90184002265CIE%22%2C%22installer_veri[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%[...]
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_bundledWithHash.value", "null");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_last_executable_request.expiration", "Wed Oct 29 2014 10:12:21 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.eset.com/special/eos/esetsmartinstaller_deu.exe%22");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.lastDailyReport", "1414530025554");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.lastUpdate", "1414530025486");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.manifesturl", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.name", "Browser_Apps_Pro");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.newtab", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.opensearch", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.pluginsurl", "hxxp://js.newgenstatsnet.com/plugin/apps/65055/plugins/na/ff/plugins.json");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.pluginsversion", 13);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.publisher", "Freeven");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.searchstatus", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.setnewtab", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.thankyou", "");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.updateinterval", 360);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.ver", 18);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncdb_dbWasSet", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncdb_dbWasSet_FF25_FIX", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncinternaldb_dbWasSet", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comasyncinternaldb_dbWasSet_FF25_FIX", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comawrigtdamonyahoocom65055_dbWasSet", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.65055.wrigtdamon@yahoo.comawrigtdamonyahoocom65055_dbWasSet_FF25_FIX", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.apps", "65055");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.bic", "14929b63cf5313b1e9d55e600306196d");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.cid", 65055);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.firstrun", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.hadappinstalled", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.installationdate", 1413744049);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.modetype", "production");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.reportInstall", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.awrigtdamonyahoocom65055.statsDailyCounter", 3);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.blocklist.pingCountTotal", 210);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.blocklist.pingCountVersion", -1);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.blocklist.url", "hxxp://google.com");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.databaseSchema", 16);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.enabledAddons", "wrigtdamon%40yahoo.com:0.95.12,%7B1a3e798c-998b-1943-0c7f-8fd69ced1164%7D:1.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.getAddons.cache.lastUpdate", 1414536430);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.getAddons.databaseSchema", 5);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 26);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1414162279445");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "150872");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "ob_256");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "1a3e798c-998b-1943-0c7f-8fd69ced1164");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "26/10/2014");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.iswinxp", "false");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1414338670");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1414530045246");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.lastAppVersion", "33.0.2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.lastPlatformVersion", "33.0.2");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.pendingOperations", false);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.shownSelectionUI", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.ui.dictionary.hidden", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.ui.experiment.hidden", true);
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.ui.lastCategory", "addons://discover/");
[g1duac04.default] - Zeile gelöscht : user_pref("extensions.ui.locale.hidden", true);
[g1duac04.default] - Zeile gelöscht : user_pref("font.internaluseonly.changed", true);
[g1duac04.default] - Zeile gelöscht : user_pref("gecko.buildID", "20141027150301");
[g1duac04.default] - Zeile gelöscht : user_pref("gecko.mstone", "33.0.2");
[g1duac04.default] - Zeile gelöscht : user_pref("gfx.direct3d.last_used_feature_level_idx", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("gfx.direct3d.prefer_10_1", true);
[g1duac04.default] - Zeile gelöscht : user_pref("idle.lastDailyNotification", 1414339621);
[g1duac04.default] - Zeile gelöscht : user_pref("intl.charsetmenu.browser.cache", "UTF-8, windows-1250, ISO-8859-15, ISO-8859-7, windows-1252");
[g1duac04.default] - Zeile gelöscht : user_pref("keyword.URL", "hxxps://de.search.yahoo.com/yhs/search");
[g1duac04.default] - Zeile gelöscht : user_pref("media.gmp-gmpopenh264.lastUpdate", 1414536509);
[g1duac04.default] - Zeile gelöscht : user_pref("media.gmp-gmpopenh264.version", "1.1");
[g1duac04.default] - Zeile gelöscht : user_pref("media.gmp-manager.lastCheck", 1414536508);
[g1duac04.default] - Zeile gelöscht : user_pref("network.cookie.lifetimePolicy", 2);
[g1duac04.default] - Zeile gelöscht : user_pref("network.cookie.prefsMigrated", true);
[g1duac04.default] - Zeile gelöscht : user_pref("pdfjs.migrationVersion", 2);
[g1duac04.default] - Zeile gelöscht : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
[g1duac04.default] - Zeile gelöscht : user_pref("places.database.lastMaintenance", 1414530163);
[g1duac04.default] - Zeile gelöscht : user_pref("places.history.expiration.transient_current_max_pages", 104329);
[g1duac04.default] - Zeile gelöscht : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
[g1duac04.default] - Zeile gelöscht : user_pref("plugin.importedState", true);
[g1duac04.default] - Zeile gelöscht : user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
[g1duac04.default] - Zeile gelöscht : user_pref("pref.browser.homepage.disable_button.current_page", false);
[g1duac04.default] - Zeile gelöscht : user_pref("pref.browser.homepage.disable_button.restore_default", false);
[g1duac04.default] - Zeile gelöscht : user_pref("print_printer", "HP4050DD (HP Officejet 4500 G510n-z)");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_bgcolor", false);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_bgimages", false);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_colorspace", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_command", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_downloadfonts", false);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_duplex", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_edge_bottom", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_edge_left", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_edge_right", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_edge_top", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_evenpages", true);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_footercenter", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_footerleft", "&PT");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_footerright", "&D");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_headercenter", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_headerleft", "&T");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_headerright", "&U");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_in_color", true);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_margin_bottom", "0.5");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_margin_left", "0.5");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_margin_right", "0.5");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_margin_top", "0.5");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_oddpages", true);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_orientation", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_page_delay", 50);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_data", 9);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_height", " 11,00");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_name", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_size_type", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_size_unit", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_paper_width", "  8,50");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_plex_name", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_resolution", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_resolution_name", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_reversed", false);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_scaling", "  1,00");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_shrink_to_fit", true);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_to_file", false);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_to_filename", "");
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_unwriteable_margin_bottom", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_unwriteable_margin_left", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_unwriteable_margin_right", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("printer_HP4050DD_(HP_Officejet_4500_G510n-z).print_unwriteable_margin_top", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("privacy.sanitize.didShutdownSanitize", true);
[g1duac04.default] - Zeile gelöscht : user_pref("privacy.sanitize.migrateFx3Prefs", true);
[g1duac04.default] - Zeile gelöscht : user_pref("privacy.sanitize.sanitizeOnShutdown", true);
[g1duac04.default] - Zeile gelöscht : user_pref("privacy.sanitize.timeSpan", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("security.warn_viewing_mixed", false);
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.clients.lastSync", "0");
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.clients.lastSyncLocal", "0");
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.declinedEngines", "");
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.globalScore", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.lastversion", "1.24.0");
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.migrated", true);
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.nextSync", 0);
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.tabs.lastSync", "0");
[g1duac04.default] - Zeile gelöscht : user_pref("services.sync.tabs.lastSyncLocal", "0");
[g1duac04.default] - Zeile gelöscht : user_pref("signon.importedFromSqlite", true);
[g1duac04.default] - Zeile gelöscht : user_pref("storage.vacuum.last.index", 1);
[g1duac04.default] - Zeile gelöscht : user_pref("storage.vacuum.last.places.sqlite", 1411922060);
[g1duac04.default] - Zeile gelöscht : user_pref("toolkit.startup.last_success", 1414537552);
[g1duac04.default] - Zeile gelöscht : user_pref("toolkit.telemetry.previousBuildID", "20141027150301");
[g1duac04.default] - Zeile gelöscht : user_pref("toolkit.telemetry.prompted", 2);
[g1duac04.default] - Zeile gelöscht : user_pref("toolkit.telemetry.rejected", true);
[g1duac04.default] - Zeile gelöscht : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1402576624);
[g1duac04.default] - Zeile gelöscht : user_pref("xpinstall.whitelist.add", "");
[g1duac04.default] - Zeile gelöscht : user_pref("xpinstall.whitelist.add.180", "");
[g1duac04.default] - Zeile gelöscht : user_pref("xpinstall.whitelist.add.36", "");

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [37690 octets] - [30/10/2014 09:46:37]
AdwCleaner[S0].txt - [37602 octets] - [30/10/2014 10:01:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [37663 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8 x64
Ran by Asus on 30.10.2014 at 10:36:05,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"



~~~ FireFox

Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\g1duac04.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.10.2014 at 10:39:03,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Iraklis 30.10.2014 11:10
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Asus at 2014-10-30 10:50:21
Running from C:\Users\Asus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ESET NOD32 Antivirus (HKLM\...\{9EEE5827-F6A6-447E-9839-6AFAF6FCC442}) (Version: 8.0.304.4 - ESET, spol s r. o.)
Free YouTube to MP3 Converter version 3.12.10.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.10.812 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
t@x 2014 (HKLM-x32\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-10-2014 22:20:39 Removed Samsung Kies
30-10-2014 08:45:00 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-10-28 21:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1249AE20-A7BC-4DBF-A776-7555CBE4024E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {16E5B35A-9673-4EBA-AC90-F5C1AC37D25C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {198289B7-27B3-433F-A1AE-048EEB9446EF} - \ASP No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1DB76B47-E148-42F2-9A24-56103C6A1E36} - System32\Tasks\TSLPBY => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {290F9B47-4D28-4ACE-B05D-65D91366D80B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {2AEB5209-E996-49B9-B969-283E0BEFCB5A} - System32\Tasks\MQQ => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: {319D5422-1575-4C94-A9E1-E2BFD6DD8179} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4A7F8593-A92B-4708-BF08-8D60EEDC70CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {4DB4AB46-84A8-4455-A412-E3ADE4562157} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {6683D72B-CB05-4A63-8E43-01E58C43C823} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {82C0FFFC-9BB3-413D-9992-64E9D3B76791} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {83635A10-A158-452F-8895-974DE7A6437E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {858D59E1-266D-460C-9E46-8CF60F77710F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AED13FBC-9100-4FD8-96AF-DB95EEF51877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {B2800EDA-3D78-4BB3-AADC-AFFCFBABA640} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8 => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {BECC9953-7B9D-46D7-80E9-3C624A30D1EE} - System32\Tasks\Google Updater and Installer => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C73C5D15-F828-427B-B98E-5DB5AFC6C104} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D5825BB9-C269-4890-B2CE-B6B4000D3427} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {E1121F6C-B7B9-4B67-950E-2FE068AEFE7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {E55102B7-1977-408C-B9B8-B576429B1E11} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E7294B90-9506-4D87-B3E6-9BADFE97F208} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F9E7068A-E805-4258-9A1F-0932E11DEEA2} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MQQ.job => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TSLPBY.job => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-10-19 11:52 - 2013-10-30 16:45 - 00587856 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2012-10-28 20:49 - 2012-08-16 11:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-28 20:49 - 2012-08-16 11:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-28 20:47 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 09572944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-10-19 11:49 - 2013-10-30 16:46 - 03674192 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00308816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00321616 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00034896 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 02467408 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 01043456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00250368 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00136272 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01855568 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01904208 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00094720 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 04277840 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01396816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 05019728 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01666128 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01786448 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01624144 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01125456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01316944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01278544 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 06818384 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01266768 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01322064 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "KiesPreload"
HKCU\...\StartupApproved\Run: => "KiesAirMessage"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "NTRedirect"
HKCU\...\StartupApproved\Run: => ""
HKCU\...\StartupApproved\Run: => "Easy Speed PC"
HKCU\...\StartupApproved\Run: => "EasySpeedCheck"
HKCU\...\StartupApproved\Run: => "Browser Infrastructure Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-480692169-2859508237-3514454044-500 - Administrator - Disabled)
Asus (S-1-5-21-480692169-2859508237-3514454044-1001 - Administrator - Enabled) => C:\Users\Asus
Gast (S-1-5-21-480692169-2859508237-3514454044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-480692169-2859508237-3514454044-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-28 21:29:36.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
Percentage of memory in use: 26%
Total physical RAM: 3979.81 MB
Available physical RAM: 2909.11 MB
Total Pagefile: 8075.81 MB
Available Pagefile: 6928.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:100.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:258.32 GB) NTFS
Drive e: (KING_OF_QUEENS_4_2) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 41A39127)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Asus (administrator) on SULAMISA on 30-10-2014 10:48:32
Running from C:\Users\Asus\Desktop
Loaded Profile: Asus (Available profiles: Asus)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Farbar) C:\Users\Asus\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-14] ()
HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-480692169-2859508237-3514454044-1001\...\Run: [InetStat] => C:\Users\Asus\AppData\Roaming\InetStat\inetstat.exe [702478 2014-10-19] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:13837;https=127.0.0.1:13837
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Shopping Helper Smartbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\{1a3e798c-998b-1943-0c7f-8fd69ced1164} [2014-10-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com [Not Found]
FF Extension: No Name - wrigtdamon@yahoo.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\Asus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google-Suche) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:48 - 2014-10-30 10:48 - 00020401 _____ () C:\Users\Asus\Desktop\FRST.txt
2014-10-30 10:39 - 2014-10-30 10:39 - 00000947 _____ () C:\Users\Asus\Desktop\JRT.txt
2014-10-30 09:46 - 2014-10-30 10:01 - 00000000 ____D () C:\AdwCleaner
2014-10-30 09:46 - 2014-10-30 09:38 - 02113536 _____ (Farbar) C:\Users\Asus\Desktop\FRST64 (1).exe
2014-10-30 09:46 - 2014-10-30 09:38 - 01998336 _____ () C:\Users\Asus\Desktop\AdwCleaner_4.002.exe
2014-10-30 09:46 - 2014-10-30 09:38 - 01706144 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe
2014-10-29 14:21 - 2014-10-29 14:22 - 00423008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-29 14:19 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 14:19 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 14:07 - 2014-10-29 14:07 - 00284056 _____ () C:\Windows\Minidump\102914-78031-01.dmp
2014-10-29 14:07 - 2014-10-29 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-29 14:06 - 2014-10-29 14:06 - 467518369 _____ () C:\Windows\MEMORY.DMP
2014-10-29 12:38 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-10-29 11:41 - 2014-10-29 12:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-29 11:30 - 2014-10-29 11:30 - 00000355 _____ () C:\Users\Asus\Desktop\Computer.lnk
2014-10-29 11:27 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\Asus\Desktop\Neuer Ordner
2014-10-29 11:21 - 2014-10-30 10:48 - 00000000 ____D () C:\FRST
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 _____ () C:\Users\Asus\defogger_reenable
2014-10-29 11:18 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-29 11:18 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-29 10:56 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-29 10:56 - 2013-06-01 12:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-10-29 10:56 - 2013-06-01 12:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-10-29 10:56 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-29 10:56 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-29 10:56 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-29 10:56 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-10-29 10:56 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-10-29 10:56 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-10-29 10:56 - 2013-06-01 10:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-29 10:56 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-10-29 10:56 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-10-29 10:56 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-10-29 10:56 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-10-29 10:56 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-29 10:56 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-10-29 10:56 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-10-29 10:56 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-29 10:56 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-29 10:56 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-29 10:56 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-29 10:54 - 2014-02-04 00:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-29 10:54 - 2014-02-04 00:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-29 10:54 - 2014-01-31 01:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-10-29 10:54 - 2014-01-31 01:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-10-29 10:54 - 2014-01-27 04:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-29 10:54 - 2014-01-27 01:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-29 10:54 - 2014-01-27 01:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-29 10:54 - 2014-01-16 00:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-10-29 10:54 - 2014-01-11 07:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-29 10:54 - 2014-01-11 06:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-29 10:54 - 2014-01-03 00:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-29 10:54 - 2014-01-03 00:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-29 10:53 - 2014-08-28 12:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-29 10:53 - 2014-08-28 07:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-29 10:53 - 2014-08-28 07:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-29 10:53 - 2014-08-28 07:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-10-29 10:53 - 2014-08-01 00:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-29 10:53 - 2014-06-13 02:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-29 10:53 - 2014-06-13 02:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-29 10:53 - 2014-04-19 10:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-10-29 00:15 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-10-29 00:12 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-29 00:12 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-29 00:12 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-29 00:12 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-29 00:12 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-10-29 00:12 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-10-29 00:12 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-29 00:12 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 00:12 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-29 00:12 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 00:12 - 2014-01-31 01:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-10-29 00:12 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-29 00:12 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-10-29 00:12 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-10-29 00:12 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-10-29 00:12 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-10-29 00:11 - 2014-04-12 10:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-29 00:11 - 2014-04-12 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-29 00:11 - 2014-04-12 10:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-29 00:11 - 2014-04-12 10:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-29 00:11 - 2014-04-12 08:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-29 00:11 - 2014-04-12 08:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-29 00:11 - 2014-04-12 07:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-10-29 00:11 - 2014-03-11 04:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-29 00:11 - 2014-03-11 01:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-29 00:11 - 2014-03-11 01:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-29 00:11 - 2014-03-11 01:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-29 00:11 - 2014-03-11 01:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-29 00:11 - 2014-03-11 01:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-29 00:11 - 2014-03-10 04:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-29 00:11 - 2014-03-10 02:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-29 00:11 - 2014-03-04 00:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-29 00:11 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-29 00:11 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-29 00:10 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-10-29 00:10 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-10-29 00:10 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-10-29 00:10 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-10-29 00:10 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-10-29 00:10 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-29 00:10 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-29 00:10 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-10-29 00:10 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-10-29 00:09 - 2014-07-16 00:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-29 00:09 - 2014-07-12 03:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-29 00:09 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-29 00:09 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-29 00:09 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-10-29 00:08 - 2013-05-15 03:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-10-29 00:08 - 2013-05-15 03:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-29 00:08 - 2013-05-15 03:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-10-29 00:08 - 2013-05-15 03:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-29 00:08 - 2013-05-04 08:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2014-10-29 00:08 - 2013-05-04 08:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-10-29 00:08 - 2013-05-04 07:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-10-29 00:08 - 2013-05-04 07:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-10-29 00:08 - 2013-05-04 07:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2014-10-29 00:08 - 2013-05-04 07:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-10-29 00:08 - 2013-05-04 07:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-10-29 00:08 - 2013-05-04 05:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2014-10-29 00:08 - 2013-05-04 05:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2014-10-29 00:08 - 2013-05-04 05:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2014-10-29 00:08 - 2013-05-04 05:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2014-10-29 00:08 - 2013-05-04 05:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-10-29 00:08 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2014-10-29 00:07 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-29 00:07 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-29 00:07 - 2013-04-27 06:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-29 00:04 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-29 00:04 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-10-29 00:04 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-29 00:04 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-29 00:04 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-29 00:04 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-10-29 00:04 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-29 00:04 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-29 00:04 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-10-29 00:04 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-29 00:04 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-29 00:04 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-29 00:04 - 2013-07-13 07:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-29 00:04 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-29 00:04 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-10-29 00:04 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-10-29 00:04 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2014-10-29 00:04 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-10-29 00:04 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-10-29 00:04 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-29 00:04 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-29 00:03 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-29 00:03 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-29 00:03 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-29 00:03 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-29 00:01 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-29 00:01 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-29 00:01 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-29 00:00 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-29 00:00 - 2014-08-01 23:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-29 00:00 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-29 00:00 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-29 00:00 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-29 00:00 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-29 00:00 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-29 00:00 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-29 00:00 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-29 00:00 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-29 00:00 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-29 00:00 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-29 00:00 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-28 23:59 - 2014-10-28 23:59 - 00001490 _____ () C:\Users\Asus\Desktop\Mozilla Firefox.lnk
2014-10-28 23:55 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-28 23:55 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-28 23:55 - 2014-04-03 12:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-28 23:55 - 2013-04-03 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-10-28 23:55 - 2013-04-03 00:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-28 23:54 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-28 23:54 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-28 23:54 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-28 23:54 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-28 23:54 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-28 23:54 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-28 23:54 - 2014-06-20 00:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-28 23:54 - 2014-06-19 23:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-28 23:54 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-28 23:54 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-28 23:54 - 2014-06-05 18:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-28 23:54 - 2014-06-05 18:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-28 23:54 - 2014-06-05 14:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-28 23:54 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-28 23:54 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-28 23:54 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-28 23:52 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-10-28 23:52 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-10-28 23:52 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-10-28 23:52 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-10-28 23:52 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-10-28 23:52 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-10-28 23:52 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-10-28 23:52 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-10-28 23:52 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-10-28 23:51 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-10-28 23:51 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-10-28 23:51 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-10-28 23:51 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-10-28 23:49 - 2014-03-07 01:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-28 23:49 - 2014-03-07 01:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-28 23:48 - 2014-10-28 23:48 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 23:48 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 23:47 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-28 23:47 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-10-28 23:46 - 2014-10-30 10:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 23:46 - 2014-10-30 09:51 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 23:46 - 2014-10-28 23:46 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-28 23:46 - 2014-10-28 23:46 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-28 23:45 - 2014-10-28 23:47 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 23:45 - 2014-05-29 05:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-10-28 23:45 - 2014-05-08 02:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-10-28 23:45 - 2014-03-01 10:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-28 23:45 - 2014-03-01 10:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-10-28 23:45 - 2014-03-01 09:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-10-28 23:45 - 2014-03-01 07:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-28 23:45 - 2014-02-15 05:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-10-28 23:45 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-10-28 23:45 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-10-28 23:45 - 2013-05-04 05:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-10-28 23:44 - 2014-10-28 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 23:31 - 2014-10-28 23:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 23:31 - 2014-10-28 23:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-28 22:22 - 2014-10-28 22:22 - 00000000 ____D () C:\Users\Asus\AppData\Local\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 22:12 - 2014-10-28 22:12 - 02347384 _____ (ESET) C:\Users\Asus\Downloads\esetsmartinstaller_deu.exe
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 21:50 - 2014-10-28 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:19 - 2014-10-28 21:21 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-10-28 21:18 - 2014-10-28 21:46 - 00000000 ____D () C:\Qoobox
2014-10-28 21:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 21:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 21:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 21:17 - 2014-10-28 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-28 19:41 - 2014-10-28 21:21 - 00003334 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-10-28 19:41 - 2014-10-28 21:21 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-28 19:41 - 2014-10-28 19:41 - 00000000 _____ () C:\autoexec.bat
2014-10-28 19:41 - 2012-06-22 12:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-28 19:40 - 2014-10-28 19:41 - 00000000 ____D () C:\sh4ldr
2014-10-28 19:40 - 2014-10-28 19:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-28 19:39 - 2014-10-28 19:41 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-26 16:51 - 2014-10-26 16:51 - 00002625 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-26 16:39 - 2014-10-26 16:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 15:53 - 2014-10-20 15:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Probit Software
2014-10-19 21:08 - 2014-10-19 21:08 - 00000000 __SHD () C:\Users\Asus\AppData\Roaming\AnyProtectEx
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\InetStat
2014-10-19 19:48 - 2014-10-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-19 19:41 - 2014-10-26 17:06 - 00003240 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-10-19 19:38 - 2014-10-30 10:27 - 00001346 _____ () C:\Windows\Tasks\MQQ.job
2014-10-19 19:38 - 2014-10-19 19:38 - 00004350 _____ () C:\Windows\System32\Tasks\MQQ
2014-10-19 19:38 - 2014-10-19 19:38 - 00000000 ____D () C:\Users\Asus\AppData\Local\com
2014-10-19 19:37 - 2014-10-30 10:27 - 00001352 _____ () C:\Windows\Tasks\TSLPBY.job
2014-10-19 19:37 - 2014-10-26 16:39 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-19 19:37 - 2014-10-19 19:37 - 00004358 _____ () C:\Windows\System32\Tasks\TSLPBY
2014-10-19 19:36 - 2014-10-19 19:36 - 00004024 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-10-19 19:35 - 2014-10-19 19:35 - 00001334 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hilfe.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001284 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-10-19 19:34 - 2014-10-28 21:29 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-10-19 19:34 - 2014-10-19 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-19 16:49 - 2014-10-19 16:49 - 00308066 _____ () C:\Users\Asus\Documents\steuer 1.zip
2014-10-19 11:55 - 2014-10-19 11:55 - 00002216 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-10-19 11:52 - 2014-10-19 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 10:43 - 2012-11-28 21:08 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-480692169-2859508237-3514454044-1001
2014-10-30 10:39 - 2012-12-03 21:18 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job
2014-10-30 10:28 - 2012-11-28 21:03 - 00000500 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2014-10-30 10:21 - 2013-09-12 19:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 10:15 - 2012-10-28 21:05 - 01780034 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 10:07 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 10:07 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 10:07 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 10:03 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 10:02 - 2012-08-02 14:24 - 00212134 _____ () C:\Windows\PFRO.log
2014-10-30 10:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-29 15:39 - 2013-02-17 21:23 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job
2014-10-29 14:54 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-10-29 14:33 - 2013-05-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 14:31 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-29 14:20 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-10-29 14:14 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 14:14 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-29 14:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-29 14:12 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 14:12 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 14:11 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-29 14:05 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-29 14:03 - 2013-01-17 17:29 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-10-29 12:13 - 2012-07-26 06:26 - 00000322 _____ () C:\Windows\win.ini
2014-10-29 11:20 - 2012-11-28 20:58 - 00000000 ____D () C:\Users\Asus
2014-10-29 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-28 23:45 - 2014-08-19 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 23:35 - 2013-01-18 10:47 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Mozilla
2014-10-28 23:26 - 2013-01-17 17:33 - 00000000 ____D () C:\Users\Asus\AppData\Local\Citrix
2014-10-28 23:23 - 2012-11-28 21:41 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Samsung
2014-10-28 23:23 - 2012-11-28 21:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-28 23:23 - 2012-10-28 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-28 22:14 - 2012-12-01 22:47 - 00445440 ___SH () C:\Users\Asus\Downloads\Thumbs.db
2014-10-28 21:46 - 2012-11-28 21:18 - 00060416 ___SH () C:\Users\Asus\Desktop\Thumbs.db
2014-10-28 21:46 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-10-28 21:40 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 21:30 - 2012-07-26 06:26 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 11796480 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-28 19:38 - 2012-07-26 08:21 - 00040201 _____ () C:\Windows\setupact.log
2014-10-19 21:45 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-19 19:35 - 2012-11-28 21:02 - 00001678 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 15:55 - 2014-05-22 10:33 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-10-19 11:56 - 2014-05-22 10:37 - 00000086 _____ () C:\Windows\wiso.ini
2014-10-19 11:49 - 2014-05-22 10:33 - 00000000 ____D () C:\Program Files (x86)\Buhl finance
2014-10-06 20:53 - 2012-11-28 21:04 - 00000000 ____D () C:\Users\Asus\Documents\Bluetooth Folder
2014-10-03 10:02 - 2012-12-12 12:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\temp\InstHelper.exe
C:\Users\Asus\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 18:29

==================== End Of Log ============================
--- --- ---

cosinus 30.10.2014 12:00
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:13837;https=127.0.0.1:13837
FF Extension: Shopping Helper Smartbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\{1a3e798c-998b-1943-0c7f-8fd69ced1164} [2014-10-26]
FF Extension: No Name - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com [Not Found]
FF Extension: No Name - wrigtdamon@yahoo.com [Not Found]
CHR HomePage: Default -> http://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
Task: {198289B7-27B3-433F-A1AE-048EEB9446EF} - \ASP No Task File <==== ATTENTION
Task: {1DB76B47-E148-42F2-9A24-56103C6A1E36} - System32\Tasks\TSLPBY => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
Task: {2AEB5209-E996-49B9-B969-283E0BEFCB5A} - System32\Tasks\MQQ => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: {319D5422-1575-4C94-A9E1-E2BFD6DD8179} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4DB4AB46-84A8-4455-A412-E3ADE4562157} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {F9E7068A-E805-4258-9A1F-0932E11DEEA2} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\Windows\Tasks\MQQ.job => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TSLPBY.job => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
C:\Users\Asus\AppData\Roaming\AnyProtectEx
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Windows\Tasks\MQQ.job
C:\Windows\System32\Tasks\MQQ
C:\Users\Asus\AppData\Roaming\MQQ.exe
C:\Users\Asus\AppData\Local\com
C:\Program Files (x86)\MyPC Backup
C:\Windows\Tasks\TSLPBY.job
C:\Windows\System32\Tasks\TSLPBY
C:\Users\Asus\AppData\Roaming\TSLPBY.exe
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Enigma Software Group
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
C:\Users\Asus\AppData\Roaming\InetStat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Iraklis 30.10.2014 12:30
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Asus at 2014-10-30 12:08:20 Run:1
Running from C:\Users\Asus\Desktop
Loaded Profile: Asus (Available profiles: Asus)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:13837;https=127.0.0.1:13837
FF Extension: Shopping Helper Smartbar - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\{1a3e798c-998b-1943-0c7f-8fd69ced1164} [2014-10-26]
FF Extension: No Name - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com [Not Found]
FF Extension: No Name - wrigtdamon@yahoo.com [Not Found]
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1413743725&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51139JDBGMHJDBGMHX
Task: {198289B7-27B3-433F-A1AE-048EEB9446EF} - \ASP No Task File <==== ATTENTION
Task: {1DB76B47-E148-42F2-9A24-56103C6A1E36} - System32\Tasks\TSLPBY => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
Task: {2AEB5209-E996-49B9-B969-283E0BEFCB5A} - System32\Tasks\MQQ => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: {319D5422-1575-4C94-A9E1-E2BFD6DD8179} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4DB4AB46-84A8-4455-A412-E3ADE4562157} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {F9E7068A-E805-4258-9A1F-0932E11DEEA2} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\Windows\Tasks\MQQ.job => C:\Users\Asus\AppData\Roaming\MQQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TSLPBY.job => C:\Users\Asus\AppData\Roaming\TSLPBY.exe <==== ATTENTION
C:\Users\Asus\AppData\Roaming\AnyProtectEx
C:\Windows\System32\Tasks\Optimizer Pro Schedule
C:\Windows\Tasks\MQQ.job
C:\Windows\System32\Tasks\MQQ
C:\Users\Asus\AppData\Roaming\MQQ.exe
C:\Users\Asus\AppData\Local\com
C:\Program Files (x86)\MyPC Backup
C:\Windows\Tasks\TSLPBY.job
C:\Windows\System32\Tasks\TSLPBY
C:\Users\Asus\AppData\Roaming\TSLPBY.exe
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Enigma Software Group
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
C:\Users\Asus\AppData\Roaming\InetStat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
EmptyTemp:
Hosts:
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\Extensions\{1a3e798c-998b-1943-0c7f-8fd69ced1164} => Moved successfully.
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\extensions\wrigtdamon@yahoo.com not found.
FF Extension: No Name - wrigtdamon@yahoo.com [Not Found] not found.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{198289B7-27B3-433F-A1AE-048EEB9446EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198289B7-27B3-433F-A1AE-048EEB9446EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DB76B47-E148-42F2-9A24-56103C6A1E36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB76B47-E148-42F2-9A24-56103C6A1E36}" => Key deleted successfully.
C:\Windows\System32\Tasks\TSLPBY => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TSLPBY" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2AEB5209-E996-49B9-B969-283E0BEFCB5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AEB5209-E996-49B9-B969-283E0BEFCB5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\MQQ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MQQ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{319D5422-1575-4C94-A9E1-E2BFD6DD8179}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{319D5422-1575-4C94-A9E1-E2BFD6DD8179}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DB4AB46-84A8-4455-A412-E3ADE4562157}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB4AB46-84A8-4455-A412-E3ADE4562157}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9E7068A-E805-4258-9A1F-0932E11DEEA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9E7068A-E805-4258-9A1F-0932E11DEEA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
C:\Windows\Tasks\MQQ.job => Moved successfully.
C:\Windows\Tasks\TSLPBY.job => Moved successfully.
C:\Users\Asus\AppData\Roaming\AnyProtectEx => Moved successfully.
"C:\Windows\System32\Tasks\Optimizer Pro Schedule" => File/Directory not found.
"C:\Windows\Tasks\MQQ.job" => File/Directory not found.
"C:\Windows\System32\Tasks\MQQ" => File/Directory not found.
"C:\Users\Asus\AppData\Roaming\MQQ.exe" => File/Directory not found.
C:\Users\Asus\AppData\Local\com => Moved successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Windows\Tasks\TSLPBY.job" => File/Directory not found.
"C:\Windows\System32\Tasks\TSLPBY" => File/Directory not found.
"C:\Users\Asus\AppData\Roaming\TSLPBY.exe" => File/Directory not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Directory not found.
"C:\Program Files (x86)\Enigma Software Group" => File/Directory not found.
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat => Moved successfully.
C:\Users\Asus\AppData\Roaming\InetStat => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 429.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

cosinus 30.10.2014 13:01
Rechner neu gestartet? Wenn ja, bitte zur Nachkontrolle frische FRST Logs erstellen und posten.-

Iraklis 30.10.2014 13:07
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Asus at 2014-10-30 13:04:38
Running from C:\Users\Asus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ESET NOD32 Antivirus (HKLM\...\{9EEE5827-F6A6-447E-9839-6AFAF6FCC442}) (Version: 8.0.304.4 - ESET, spol s r. o.)
Free YouTube to MP3 Converter version 3.12.10.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.10.812 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
t@x 2014 (HKLM-x32\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-480692169-2859508237-3514454044-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

28-10-2014 22:20:39 Removed Samsung Kies
30-10-2014 08:45:00 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-10-30 12:08 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1249AE20-A7BC-4DBF-A776-7555CBE4024E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {16E5B35A-9673-4EBA-AC90-F5C1AC37D25C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {290F9B47-4D28-4ACE-B05D-65D91366D80B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {6683D72B-CB05-4A63-8E43-01E58C43C823} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {82C0FFFC-9BB3-413D-9992-64E9D3B76791} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {83635A10-A158-452F-8895-974DE7A6437E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {858D59E1-266D-460C-9E46-8CF60F77710F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AED13FBC-9100-4FD8-96AF-DB95EEF51877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {AEEA2B72-D479-49AA-B462-A580D1440608} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {B2800EDA-3D78-4BB3-AADC-AFFCFBABA640} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8 => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {BECC9953-7B9D-46D7-80E9-3C624A30D1EE} - System32\Tasks\Google Updater and Installer => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C73C5D15-F828-427B-B98E-5DB5AFC6C104} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D5825BB9-C269-4890-B2CE-B6B4000D3427} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {E1121F6C-B7B9-4B67-950E-2FE068AEFE7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {E55102B7-1977-408C-B9B8-B576429B1E11} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E7294B90-9506-4D87-B3E6-9BADFE97F208} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job => C:\Users\Asus\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-19 11:52 - 2013-10-30 16:45 - 00587856 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-28 20:47 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 09572944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-10-19 11:49 - 2013-10-30 16:46 - 03674192 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00308816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00321616 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00034896 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 02467408 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 01043456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00250368 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-10-19 11:50 - 2013-10-30 16:45 - 00136272 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01855568 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01904208 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-10-19 11:50 - 2013-10-30 16:37 - 00094720 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 04277840 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01396816 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 05019728 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01666128 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01786448 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01624144 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01125456 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01316944 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01278544 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 06818384 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01266768 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-10-19 11:49 - 2013-10-30 16:45 - 01322064 ____N () C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-28 23:44 - 2014-10-28 03:01 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "KiesPreload"
HKCU\...\StartupApproved\Run: => "KiesAirMessage"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "NTRedirect"
HKCU\...\StartupApproved\Run: => ""
HKCU\...\StartupApproved\Run: => "Easy Speed PC"
HKCU\...\StartupApproved\Run: => "EasySpeedCheck"
HKCU\...\StartupApproved\Run: => "Browser Infrastructure Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-480692169-2859508237-3514454044-500 - Administrator - Disabled)
Asus (S-1-5-21-480692169-2859508237-3514454044-1001 - Administrator - Enabled) => C:\Users\Asus
Gast (S-1-5-21-480692169-2859508237-3514454044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-480692169-2859508237-3514454044-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 00:20:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.exe, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4e8

Startzeit: 01cff43372a41838

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.exe

Berichts-ID: cb37354a-6026-11e4-beb0-dc85de7829e6

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/30/2014 00:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.17101, Zeitstempel: 0x54015816
Ausnahmecode: 0x80270249
Fehleroffset: 0x000000000037d18b
ID des fehlerhaften Prozesses: 0xff0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (10/30/2014 11:52:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SulaMisa)
Description: Bei der Aktivierung der App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (10/30/2014 11:05:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70a18482
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x03254e50
ID des fehlerhaften Prozesses: 0x130c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:05:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70a18482
ID des fehlerhaften Prozesses: 0x2d8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:05:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00994e50
ID des fehlerhaften Prozesses: 0x2d8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:05:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70a18482
ID des fehlerhaften Prozesses: 0xf0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:04:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe, Version: 15.0.0.152, Zeitstempel: 0x53fe814b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x02894e50
ID des fehlerhaften Prozesses: 0xf0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_15_0_0_152.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_15_0_0_152.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_15_0_0_152.exe2
Berichtskennung: FlashPlayerPlugin_15_0_0_152.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_15_0_0_152.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_15_0_0_152.exe5

Error: (10/30/2014 11:04:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.0.2.5413 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d40

Startzeit: 01cff42846eac8ca

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 00ad4916-601c-11e4-beaf-dc85de7829e6

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (10/30/2014 11:26:04 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/30/2014 11:25:33 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/30/2014 00:20:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.exe6.2.9200.166284e801cff43372a418380C:\Windows\Explorer.execb37354a-6026-11e4-beb0-dc85de7829e6

Error: (10/30/2014 00:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.171015401581680270249000000000037d18bff001cff432a8b6dedeC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dlladbe926e-6026-11e4-beb0-dc85de7829e6

Error: (10/30/2014 11:52:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SulaMisa)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151

Error: (10/30/2014 11:05:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000570a18482130c01cff429161f8bceC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown55fb4cf9-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a503254e50130c01cff429161f8bceC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown542e2d8f-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:05:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000570a184822d801cff429069fe22bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown4718087b-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:05:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a500994e502d801cff429069fe22bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown45ca132f-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:05:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c000000570a18482f001cff428f6c0674aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown36a6ccd6-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:04:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_152.exe15.0.0.15253fe814bunknown0.0.0.000000000c00001a502894e50f001cff428f6c0674aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exeunknown34957bbc-601c-11e4-beaf-dc85de7829e6

Error: (10/30/2014 11:04:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe33.0.2.5413d4001cff42846eac8ca4294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe00ad4916-601c-11e4-beaf-dc85de7829e6


CodeIntegrity Errors:
===================================
  Date: 2014-10-28 21:29:36.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 3979.81 MB
Available physical RAM: 2519.56 MB
Total Pagefile: 8075.81 MB
Available Pagefile: 6577.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:96.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:258.32 GB) NTFS
Drive e: (KING_OF_QUEENS_4_2) (CDROM) (Total:7.81 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Asus (administrator) on SULAMISA on 30-10-2014 13:03:33
Running from C:\Users\Asus\Desktop
Loaded Profile: Asus (Available profiles: Asus)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Farbar) C:\Users\Asus\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-14] ()
HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-480692169-2859508237-3514454044-1001\...\Run: [InetStat] => C:\Users\Asus\AppData\Roaming\InetStat\inetstat.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Asus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\g1duac04.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\Asus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google-Suche) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 13:03 - 2014-10-30 13:03 - 00018786 _____ () C:\Users\Asus\Desktop\FRST.txt
2014-10-30 09:46 - 2014-10-30 10:01 - 00000000 ____D () C:\AdwCleaner
2014-10-30 09:46 - 2014-10-30 09:38 - 02113536 _____ (Farbar) C:\Users\Asus\Desktop\FRST64 (1).exe
2014-10-30 09:46 - 2014-10-30 09:38 - 01998336 _____ () C:\Users\Asus\Desktop\AdwCleaner_4.002.exe
2014-10-30 09:46 - 2014-10-30 09:38 - 01706144 _____ (Thisisu) C:\Users\Asus\Desktop\JRT.exe
2014-10-29 14:21 - 2014-10-29 14:22 - 00423008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-29 14:19 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 14:19 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 14:07 - 2014-10-29 14:07 - 00284056 _____ () C:\Windows\Minidump\102914-78031-01.dmp
2014-10-29 14:07 - 2014-10-29 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-10-29 14:06 - 2014-10-29 14:06 - 467518369 _____ () C:\Windows\MEMORY.DMP
2014-10-29 12:38 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-10-29 11:41 - 2014-10-29 12:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-29 11:30 - 2014-10-29 11:30 - 00000355 _____ () C:\Users\Asus\Desktop\Computer.lnk
2014-10-29 11:27 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\Asus\Desktop\Neuer Ordner
2014-10-29 11:21 - 2014-10-30 13:03 - 00000000 ____D () C:\FRST
2014-10-29 11:20 - 2014-10-29 11:20 - 00000000 _____ () C:\Users\Asus\defogger_reenable
2014-10-29 11:18 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-29 11:18 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-29 10:56 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-29 10:56 - 2013-06-01 12:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-10-29 10:56 - 2013-06-01 12:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-10-29 10:56 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-29 10:56 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-10-29 10:56 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-29 10:56 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-10-29 10:56 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-10-29 10:56 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-10-29 10:56 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-10-29 10:56 - 2013-06-01 10:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-29 10:56 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-10-29 10:56 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-10-29 10:56 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-10-29 10:56 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-10-29 10:56 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-10-29 10:56 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-29 10:56 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-10-29 10:56 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-10-29 10:56 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-29 10:56 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-29 10:56 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-29 10:56 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-29 10:54 - 2014-02-04 00:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-29 10:54 - 2014-02-04 00:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-29 10:54 - 2014-01-31 01:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-10-29 10:54 - 2014-01-31 01:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-10-29 10:54 - 2014-01-27 04:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-29 10:54 - 2014-01-27 01:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-29 10:54 - 2014-01-27 01:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-29 10:54 - 2014-01-16 00:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-10-29 10:54 - 2014-01-11 07:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-29 10:54 - 2014-01-11 06:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-29 10:54 - 2014-01-03 00:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-29 10:54 - 2014-01-03 00:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-29 10:53 - 2014-08-28 12:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-29 10:53 - 2014-08-28 07:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-29 10:53 - 2014-08-28 07:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-29 10:53 - 2014-08-28 07:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-29 10:53 - 2014-08-28 07:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-29 10:53 - 2014-08-28 07:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-10-29 10:53 - 2014-08-01 00:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-10-29 10:53 - 2014-06-13 02:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-29 10:53 - 2014-06-13 02:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-10-29 10:53 - 2014-04-19 10:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-10-29 00:15 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-10-29 00:12 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-29 00:12 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-29 00:12 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-29 00:12 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-29 00:12 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-10-29 00:12 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-10-29 00:12 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-29 00:12 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 00:12 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-29 00:12 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 00:12 - 2014-01-31 01:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-10-29 00:12 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-29 00:12 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-10-29 00:12 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-10-29 00:12 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-10-29 00:12 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-10-29 00:11 - 2014-04-12 10:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-29 00:11 - 2014-04-12 10:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-29 00:11 - 2014-04-12 10:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-29 00:11 - 2014-04-12 10:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-10-29 00:11 - 2014-04-12 10:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-29 00:11 - 2014-04-12 10:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-29 00:11 - 2014-04-12 08:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-29 00:11 - 2014-04-12 08:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-29 00:11 - 2014-04-12 08:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-29 00:11 - 2014-04-12 07:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-10-29 00:11 - 2014-03-11 04:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-29 00:11 - 2014-03-11 01:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-29 00:11 - 2014-03-11 01:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-29 00:11 - 2014-03-11 01:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-29 00:11 - 2014-03-11 01:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-29 00:11 - 2014-03-11 01:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-29 00:11 - 2014-03-11 01:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-29 00:11 - 2014-03-10 04:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-29 00:11 - 2014-03-10 02:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-29 00:11 - 2014-03-04 00:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-29 00:11 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-29 00:11 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-29 00:10 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-10-29 00:10 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-10-29 00:10 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-10-29 00:10 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-10-29 00:10 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-10-29 00:10 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-29 00:10 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-29 00:10 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-10-29 00:10 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-10-29 00:09 - 2014-07-16 00:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-29 00:09 - 2014-07-12 03:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-29 00:09 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-29 00:09 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-29 00:09 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-29 00:09 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-10-29 00:08 - 2013-05-15 03:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-10-29 00:08 - 2013-05-15 03:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-29 00:08 - 2013-05-15 03:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-10-29 00:08 - 2013-05-15 03:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-29 00:08 - 2013-05-04 08:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2014-10-29 00:08 - 2013-05-04 08:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-10-29 00:08 - 2013-05-04 07:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-10-29 00:08 - 2013-05-04 07:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-10-29 00:08 - 2013-05-04 07:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2014-10-29 00:08 - 2013-05-04 07:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2014-10-29 00:08 - 2013-05-04 07:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2014-10-29 00:08 - 2013-05-04 07:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-10-29 00:08 - 2013-05-04 07:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-10-29 00:08 - 2013-05-04 05:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2014-10-29 00:08 - 2013-05-04 05:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2014-10-29 00:08 - 2013-05-04 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2014-10-29 00:08 - 2013-05-04 05:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2014-10-29 00:08 - 2013-05-04 05:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2014-10-29 00:08 - 2013-05-04 05:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2014-10-29 00:08 - 2013-05-04 05:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-10-29 00:08 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2014-10-29 00:07 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-29 00:07 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-29 00:07 - 2013-04-27 06:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-29 00:04 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-29 00:04 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-10-29 00:04 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-29 00:04 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-29 00:04 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-29 00:04 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-10-29 00:04 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-29 00:04 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-29 00:04 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-10-29 00:04 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-29 00:04 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-29 00:04 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-29 00:04 - 2013-07-13 07:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-29 00:04 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-29 00:04 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-10-29 00:04 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-10-29 00:04 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2014-10-29 00:04 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2014-10-29 00:04 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-10-29 00:04 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-10-29 00:04 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-29 00:04 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-29 00:03 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-29 00:03 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-29 00:03 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-29 00:03 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-29 00:01 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-29 00:01 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-29 00:01 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-29 00:00 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-29 00:00 - 2014-08-01 23:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-29 00:00 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-10-29 00:00 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-10-29 00:00 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-10-29 00:00 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-10-29 00:00 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-10-29 00:00 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-10-29 00:00 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-10-29 00:00 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-10-29 00:00 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-10-29 00:00 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-10-29 00:00 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-10-28 23:59 - 2014-10-28 23:59 - 00001490 _____ () C:\Users\Asus\Desktop\Mozilla Firefox.lnk
2014-10-28 23:55 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-28 23:55 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-28 23:55 - 2014-04-03 12:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-28 23:55 - 2013-04-03 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-10-28 23:55 - 2013-04-03 00:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-28 23:54 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-28 23:54 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-28 23:54 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-28 23:54 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-28 23:54 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-28 23:54 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-28 23:54 - 2014-06-20 00:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-28 23:54 - 2014-06-19 23:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-28 23:54 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-10-28 23:54 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-10-28 23:54 - 2014-06-05 18:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-28 23:54 - 2014-06-05 18:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-28 23:54 - 2014-06-05 14:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-28 23:54 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-28 23:54 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-28 23:54 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-28 23:52 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-10-28 23:52 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-10-28 23:52 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-10-28 23:52 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-10-28 23:52 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-10-28 23:52 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-10-28 23:52 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-10-28 23:52 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-10-28 23:52 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-10-28 23:51 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-10-28 23:51 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-10-28 23:51 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-10-28 23:51 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-10-28 23:51 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-10-28 23:49 - 2014-03-07 01:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-28 23:49 - 2014-03-07 01:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-28 23:48 - 2014-10-28 23:48 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 23:48 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-28 23:47 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-28 23:47 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-10-28 23:46 - 2014-10-30 12:51 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 23:46 - 2014-10-30 12:14 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 23:46 - 2014-10-28 23:46 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-28 23:46 - 2014-10-28 23:46 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-28 23:45 - 2014-10-28 23:47 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 23:45 - 2014-05-29 05:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-10-28 23:45 - 2014-05-08 02:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-10-28 23:45 - 2014-03-01 10:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-28 23:45 - 2014-03-01 10:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-10-28 23:45 - 2014-03-01 09:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-10-28 23:45 - 2014-03-01 07:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-28 23:45 - 2014-02-15 05:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-10-28 23:45 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-10-28 23:45 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-10-28 23:45 - 2013-05-04 05:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-10-28 23:44 - 2014-10-28 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 23:31 - 2014-10-28 23:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-28 23:31 - 2014-10-28 23:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-28 22:22 - 2014-10-28 22:22 - 00000000 ____D () C:\Users\Asus\AppData\Local\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 22:19 - 2014-10-28 22:19 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 22:12 - 2014-10-28 22:12 - 02347384 _____ (ESET) C:\Users\Asus\Downloads\esetsmartinstaller_deu.exe
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 21:50 - 2014-10-28 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:19 - 2014-10-28 21:21 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-10-28 21:18 - 2014-10-28 21:46 - 00000000 ____D () C:\Qoobox
2014-10-28 21:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 21:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 21:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 21:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 21:17 - 2014-10-28 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-28 19:41 - 2014-10-28 21:21 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-28 19:41 - 2014-10-28 19:41 - 00000000 _____ () C:\autoexec.bat
2014-10-28 19:41 - 2012-06-22 12:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-28 19:40 - 2014-10-28 19:41 - 00000000 ____D () C:\sh4ldr
2014-10-28 19:40 - 2014-10-28 19:40 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-28 19:39 - 2014-10-28 19:41 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-26 16:51 - 2014-10-26 16:51 - 00002625 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-26 16:39 - 2014-10-30 12:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 15:53 - 2014-10-20 15:53 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Probit Software
2014-10-19 19:37 - 2014-10-26 16:39 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-19 19:35 - 2014-10-19 19:35 - 00001334 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hilfe.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001299 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC.lnk
2014-10-19 19:35 - 2014-10-19 19:35 - 00001284 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Speed PC on the Web.lnk
2014-10-19 19:34 - 2014-10-28 21:29 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-10-19 16:49 - 2014-10-19 16:49 - 00308066 _____ () C:\Users\Asus\Documents\steuer 1.zip
2014-10-19 11:55 - 2014-10-19 11:55 - 00002216 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-10-19 11:52 - 2014-10-19 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 13:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-30 12:52 - 2012-10-28 21:05 - 01735796 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 12:39 - 2012-12-03 21:18 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001UA.job
2014-10-30 12:23 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-30 12:21 - 2013-09-12 19:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 12:18 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-10-30 12:18 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-10-30 12:18 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 12:13 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 12:08 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-30 11:05 - 2013-01-17 17:29 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-10-30 11:01 - 2012-11-28 21:08 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-480692169-2859508237-3514454044-1001
2014-10-30 10:28 - 2012-11-28 21:03 - 00000500 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2014-10-30 10:02 - 2012-08-02 14:24 - 00212134 _____ () C:\Windows\PFRO.log
2014-10-29 15:39 - 2013-02-17 21:23 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-480692169-2859508237-3514454044-1001Core1ce0d4ca69a01c8.job
2014-10-29 14:54 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-10-29 14:33 - 2013-05-24 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-29 14:20 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-10-29 14:14 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-29 14:14 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-10-29 14:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-29 14:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-29 14:12 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-29 14:12 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-29 14:11 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-29 14:05 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-29 12:13 - 2012-07-26 06:26 - 00000322 _____ () C:\Windows\win.ini
2014-10-29 11:20 - 2012-11-28 20:58 - 00000000 ____D () C:\Users\Asus
2014-10-29 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-28 23:45 - 2014-08-19 14:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 23:35 - 2013-01-18 10:47 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Mozilla
2014-10-28 23:26 - 2013-01-17 17:33 - 00000000 ____D () C:\Users\Asus\AppData\Local\Citrix
2014-10-28 23:23 - 2012-11-28 21:41 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Samsung
2014-10-28 23:23 - 2012-11-28 21:39 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-28 23:23 - 2012-10-28 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-28 22:14 - 2012-12-01 22:47 - 00445440 ___SH () C:\Users\Asus\Downloads\Thumbs.db
2014-10-28 21:46 - 2012-11-28 21:18 - 00060416 ___SH () C:\Users\Asus\Desktop\Thumbs.db
2014-10-28 21:46 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-10-28 21:40 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 21:30 - 2012-07-26 06:26 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 11796480 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-28 21:30 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-28 19:38 - 2012-07-26 08:21 - 00040201 _____ () C:\Windows\setupact.log
2014-10-19 19:35 - 2012-11-28 21:02 - 00001678 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-19 15:55 - 2014-05-22 10:33 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-10-19 11:56 - 2014-05-22 10:37 - 00000086 _____ () C:\Windows\wiso.ini
2014-10-19 11:49 - 2014-05-22 10:33 - 00000000 ____D () C:\Program Files (x86)\Buhl finance
2014-10-06 20:53 - 2012-11-28 21:04 - 00000000 ____D () C:\Users\Asus\Documents\Bluetooth Folder
2014-10-03 10:02 - 2012-12-12 12:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-30 10:57

==================== End Of Log ============================
--- --- ---

cosinus 30.10.2014 17:32
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    SpyHunter

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

Iraklis 31.10.2014 17:34
Vielen dank schon mal für deine Hilfe - Leider klapp es nicht die Software zu deinstallieren siehe Fotos.

http://www.imgbox.de/users/public/images/xJieIZGR8B.jpg

http://www.imgbox.de/users/public/images/DLYx6kZkFl.jpg

Wir haben einiges Geschafft. Folgende Probleme bestehen noch:

- Computer braucht nach Passworteingabe ca. 20 Minuten um Bedienbar zu sein
- Programme, Bilder, ... kann immer noch nicht ohne zuvor "als Administrator öffnen" öffnen

Handelt es sich hier noch um einen Virus bzw. gibt es dafür eine Lösung?

cosinus 01.11.2014 01:13
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Iraklis 04.11.2014 21:18
Hallo,

die Geschwindigkeit hat sich deutlich verbessert - Vielen Dank.
Seit heute ist auch Windows 8.1 installiert.

Letztendlich gibt es nur noch 2 Probleme:

- Programme, Bilder, ... kann man nicht ohne zuvor "als Administrator öffnen" öffnen. Dieses Problem geht einfach nicht weg.

- Spyhunter lässt sich nicht deinstallieren (siehe Fehlermeldung vorheriger Post)

Hättest du dafür ein paar Ideen?

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6a52c14618b5d244915f19694ea60c7b
# engine=20897
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-02 11:17:20
# local_time=2014-11-03 12:17:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 130230 19361129 0 0
# scanned=259940
# found=0
# cleaned=0
# scan_time=5448
# nod_component=V3 Build:0x30000000
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.11.2014
Suchlauf-Zeit: 19:35:04
Logdatei: malware.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.02.05
Rootkit Datenbank: v2014.11.01.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Asus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333033
Verstrichene Zeit: 25 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:23 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131