Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Plagegeister aller Art und deren Bekämpfung: Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.04.2014, 15:14   #1
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Ausrufezeichen

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Hallo,

ich bekomme ständig Meldungen dass mein PC nicht sicher ist, und dass ich irgendeine Software downloaden soll. Das wird immer mehr und nervt ständig. Wenn ich im Internet bin öffnen sich andauernd neue Fenster.
Außerdem habe ich auch das Gefühl, dass viel mehr Werbung auf den Internetseiten angezeigt wird als zuvor.
Das Antivirus-Programm findet aber auch nichts! Ich weiß nicht, was ich noch machen soll!
Wer kann mir helfen? Ich kenne mich leider nicht wirklich gut mit Computern aus.

Viele Grüße
Abb<

Alt 29.04.2014, 15:26   #2
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung





Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
Alt 29.04.2014, 15:41   #3
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung



FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Annika (administrator) on ANNIS on 29-04-2014 16:35:07
Running from C:\Users\Annika\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe
() C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\windows\SysWOW64\DllHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Annika at 2014-04-29 16:37:07
Running from C:\Users\Annika\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21101 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4C3C42A4-A4D1-52CA-2298-197CD329C2D7}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.4 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{25B191F6-A277-478F-90CA-88B76D5A08BD}) (Version: 2.1.70 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DC4F83F3-CAF0-4347-97A4-D6B43D7E34F0}) (Version: 2.1.7 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
ViewPassword (HKLM-x32\...\40A3780F-0D28-4F2D-2AA4-7FCE3D35EA34) (Version:  - ViewPassword-software)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

29-04-2014 10:31:50 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ED79312-8766-4484-BABA-4CD6C948B524} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {310F4E96-687D-419C-ADDF-A5EEEA92474C} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - System32\Tasks\ViewPassword_wd => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe [2014-04-29] ()
Task: {38300192-872D-4932-B4CF-4B8571387D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [2014-04-29] (Sien SA)
Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - System32\Tasks\ViewPassword Update => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe [2014-04-29] ()
Task: {A6C9121C-BA59-435C-A9C8-772120D07AC6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BC88B817-7BCB-4460-8727-BE3538B2FF47} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-02-13] (Samsung Electronics CO., LTD.)
Task: {C041BD1B-A4B8-45A0-9E38-17C4190A626A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB7630B6-D2BE-4D09-A71E-484552621C68} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Task: C:\windows\Tasks\ViewPassword Update.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe
Task: C:\windows\Tasks\ViewPassword_wd.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe

==================== Loaded Modules (whitelisted) =============

2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-04-29 13:14 - 2014-04-29 13:14 - 00077312 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe
2014-04-29 13:14 - 2014-04-29 13:14 - 00142848 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe
2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-11-06 18:08 - 2012-11-06 18:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-13 07:16 - 2013-02-13 07:16 - 00022528 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-07-24 05:06 - 2012-07-24 05:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-27 04:24 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-04-29 13:14 - 2014-04-29 13:14 - 00133120 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-02-27 04:36 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-06-14 04:57 - 2012-06-14 04:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 13:15 - 2011-08-15 13:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 09:41 - 2011-08-17 09:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 12:23 - 2011-08-15 12:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 04:56 - 2012-06-14 04:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 05:06 - 2012-06-14 05:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 04:55 - 2012-06-14 04:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 09:05 - 2011-07-19 09:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 13:17 - 2011-08-15 13:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 09:04 - 2011-07-19 09:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2014-04-29 12:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1348

Startzeit: 01cf6396020b1a04

Endzeit: 15

Anwendungspfad: C:\windows\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 4a0bd8cc-cf89-11e3-be8f-1867b056fcbd

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang)(User: )
Description: SystemSettings.exe6.2.9200.16420134801cf6396020b1a0415C:\windows\ImmersiveControlPanel\SystemSettings.exe4a0bd8cc-cf89-11e3-be8f-1867b056fcbdwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3797.53 MB
Available physical RAM: 1253.5 MB
Total Pagefile: 7253.53 MB
Available Pagefile: 4162.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.3 GB) (Free:335.66 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---

--- --- ---
__________________
Alt 29.04.2014, 15:42   #4
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Die Logdatei FRST.txt ist unvollständig.

Alt 29.04.2014, 15:47   #5
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Annika (administrator) on ANNIS on 29-04-2014 16:35:07
Running from C:\Users\Annika\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe
() C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\windows\SysWOW64\DllHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = 
SearchScopes: HKCU - {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

FireFox:
========
FF ProfilePath: C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default
FF user.js: detected! => C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\user.js
FF SelectedSearchEngine: StartWeb
FF Homepage: https://www.google.de/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-29]
FF HKCU\...\Firefox\Extensions: [{24BB16A8-DF60-43FA-FE7D-AB1DFA4BCEF1}] - C:\Program Files (x86)\ViewPassword_P\161.xpi
FF Extension: ViewPassword - C:\Program Files (x86)\ViewPassword_P\161.xpi [2014-04-29]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
R2 ViewPassword; C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe [142848 2014-04-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2013-10-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 21:25 - 2014-04-29 21:25 - 00262144 _____ () C:\windows\system32\config\userdiff
2014-04-29 21:25 - 2014-04-29 21:25 - 00000000 ____D () C:\Windows.old
2014-04-29 16:35 - 2014-04-29 16:35 - 00015701 _____ () C:\Users\Annika\Downloads\FRST.txt
2014-04-29 16:34 - 2014-04-29 16:35 - 00000000 ____D () C:\FRST
2014-04-29 16:33 - 2014-04-29 16:33 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64(1).exe
2014-04-29 16:31 - 2014-04-29 16:31 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64.exe
2014-04-29 15:47 - 2014-04-29 15:47 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner.exe
2014-04-29 15:43 - 2014-04-29 15:43 - 00804240 _____ () C:\Users\Annika\Downloads\Setup(1).exe
2014-04-29 15:34 - 2014-04-29 15:34 - 00001290 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-04-29 15:34 - 2014-04-29 15:33 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-04-29 15:32 - 2014-04-29 15:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-29 15:32 - 2014-04-29 15:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 15:32 - 2013-10-17 15:47 - 00624224 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-04-29 15:32 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-04-29 15:25 - 2014-04-29 15:36 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308811900-1167254852-910680650-1001
2014-04-29 15:20 - 2014-04-29 15:20 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-29 13:20 - 2014-04-29 13:29 - 243681088 _____ () C:\Users\Annika\Downloads\kav14.0.0.4651abDE_5154.exe
2014-04-29 13:15 - 2014-04-29 13:15 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-04-29 13:14 - 2014-04-29 15:25 - 00003500 _____ () C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 13:14 - 2014-04-29 15:25 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 13:14 - 2014-04-29 15:23 - 00000426 _____ () C:\windows\Tasks\ViewPassword Update.job
2014-04-29 13:14 - 2014-04-29 15:20 - 00000416 _____ () C:\windows\Tasks\ViewPassword_wd.job
2014-04-29 13:14 - 2014-04-29 13:15 - 00000000 ____D () C:\Users\Annika\AppData\Local\Genesis
2014-04-29 13:14 - 2014-04-29 13:14 - 00003068 _____ () C:\windows\System32\Tasks\ViewPassword Update
2014-04-29 13:14 - 2014-04-29 13:14 - 00002998 _____ () C:\windows\System32\Tasks\ViewPassword_wd
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\Program Files (x86)\ViewPassword_P
2014-04-29 13:05 - 2014-04-29 13:12 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 13:04 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-04-29 13:03 - 2014-04-29 13:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-29 13:03 - 2014-04-29 13:04 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-29 13:02 - 2014-04-29 13:02 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-29 13:01 - 2014-04-29 13:02 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-29 12:54 - 2014-04-29 12:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Local\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-29 12:53 - 2014-04-29 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 12:53 - 2014-04-29 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 12:51 - 2014-04-29 12:51 - 00000000 ____D () C:\Users\Annika\AppData\Local\bitcasa
2014-04-29 12:44 - 2014-04-29 12:44 - 00009712 _____ () C:\Users\Annika\Desktop\Entfernte Anwendungen.html
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Synaptics
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Atheros
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Power2Go8
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\BMExplorer
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Adobe
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-29 11:49 - 2014-04-29 11:49 - 00000000 ____D () C:\Users\Annika\AppData\Local\Samsung
2014-04-29 11:43 - 2012-12-20 13:41 - 143198702 _____ () C:\windows\[0407]SamsungStory01_ger.scr
2014-04-29 11:39 - 2014-04-29 11:39 - 00001198 ____H () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Support Center Toasts.lnk
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_300E5E_P02R.mrk
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 11:36 - 2014-04-29 11:36 - 00001438 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 11:36 - 2014-04-29 11:36 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Adobe
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 11:34 - 2014-04-29 11:35 - 00005568 _____ () C:\windows\DPINST.LOG
2014-04-29 11:34 - 2014-04-29 11:35 - 00001362 _____ () C:\windows\Synaptics.log
2014-04-29 11:32 - 2014-04-29 11:32 - 00000000 ____D () C:\Users\Annika\AppData\Local\VirtualStore
2014-04-29 11:31 - 2014-04-29 11:31 - 00000020 ___SH () C:\Users\Annika\ntuser.ini
2014-04-29 11:28 - 2014-04-29 11:28 - 00001739 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Vorlagen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Startmenü
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Netzwerkumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Lokale Einstellungen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Eigene Dateien
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Druckumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Musik
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Bilder
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Verlauf
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Anwendungsdaten
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-29 11:27 - 2014-04-29 13:39 - 00000000 ____D () C:\Users\Annika
2014-04-29 11:27 - 2014-04-29 11:28 - 00017148 _____ () C:\windows\diagwrn.xml
2014-04-29 11:27 - 2014-04-29 11:28 - 00017148 _____ () C:\windows\diagerr.xml
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-29 09:50 - 2014-04-29 20:55 - 00000000 ___HD () C:\$SysReset
2014-04-27 13:49 - 2014-04-27 13:49 - 12569408 _____ (IObit) C:\Users\Annika\Downloads\iobituninstaller_3.2.0.128.exe
2014-04-27 12:37 - 2014-04-22 20:24 - 00000426 _____ () C:\AVScanner.ini
2014-04-20 19:18 - 2014-04-20 19:18 - 00000000 ____D () C:\Users\Annika\Documents\CyberLink

==================== One Month Modified Files and Folders =======

2014-04-29 21:25 - 2014-04-29 21:25 - 00262144 _____ () C:\windows\system32\config\userdiff
2014-04-29 21:25 - 2014-04-29 21:25 - 00000000 ____D () C:\Windows.old
2014-04-29 21:25 - 2012-07-26 10:13 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2014-04-29 20:55 - 2014-04-29 09:50 - 00000000 ___HD () C:\$SysReset
2014-04-29 16:35 - 2014-04-29 16:35 - 00015701 _____ () C:\Users\Annika\Downloads\FRST.txt
2014-04-29 16:35 - 2014-04-29 16:34 - 00000000 ____D () C:\FRST
2014-04-29 16:33 - 2014-04-29 16:33 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64(1).exe
2014-04-29 16:31 - 2014-04-29 16:31 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64.exe
2014-04-29 16:21 - 2013-02-27 03:27 - 01151986 _____ () C:\windows\WindowsUpdate.log
2014-04-29 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-29 15:47 - 2014-04-29 15:47 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner.exe
2014-04-29 15:43 - 2014-04-29 15:43 - 00804240 _____ () C:\Users\Annika\Downloads\Setup(1).exe
2014-04-29 15:36 - 2014-04-29 15:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-29 15:36 - 2014-04-29 15:25 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308811900-1167254852-910680650-1001
2014-04-29 15:34 - 2014-04-29 15:34 - 00001290 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2014-04-29 15:34 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-29 15:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-29 15:32 - 2014-04-29 15:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 15:25 - 2014-04-29 13:14 - 00003500 _____ () C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 15:25 - 2014-04-29 13:14 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 15:23 - 2014-04-29 13:14 - 00000426 _____ () C:\windows\Tasks\ViewPassword Update.job
2014-04-29 15:22 - 2013-02-27 04:40 - 00000000 ____D () C:\ProgramData\WinClon
2014-04-29 15:20 - 2014-04-29 15:20 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-29 15:20 - 2014-04-29 13:14 - 00000416 _____ () C:\windows\Tasks\ViewPassword_wd.job
2014-04-29 14:39 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-29 14:15 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-29 13:46 - 2013-02-28 01:59 - 00780976 _____ () C:\windows\system32\perfh010.dat
2014-04-29 13:46 - 2013-02-28 01:59 - 00152608 _____ () C:\windows\system32\perfc010.dat
2014-04-29 13:46 - 2013-02-28 01:49 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-04-29 13:46 - 2013-02-28 01:49 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-04-29 13:46 - 2013-02-28 01:40 - 00790022 _____ () C:\windows\system32\perfh00C.dat
2014-04-29 13:46 - 2013-02-28 01:40 - 00155084 _____ () C:\windows\system32\perfc00C.dat
2014-04-29 13:46 - 2012-07-26 09:28 - 03624158 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-29 13:41 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-29 13:40 - 2013-02-27 04:38 - 00000000 ____D () C:\ProgramData\Norton
2014-04-29 13:40 - 2012-08-05 23:07 - 00706792 _____ () C:\windows\PFRO.log
2014-04-29 13:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-29 13:39 - 2014-04-29 11:27 - 00000000 ____D () C:\Users\Annika
2014-04-29 13:29 - 2014-04-29 13:20 - 243681088 _____ () C:\Users\Annika\Downloads\kav14.0.0.4651abDE_5154.exe
2014-04-29 13:15 - 2014-04-29 13:15 - 00000000 ____D () C:\Program Files (x86)\IminentToolbar
2014-04-29 13:15 - 2014-04-29 13:14 - 00000000 ____D () C:\Users\Annika\AppData\Local\Genesis
2014-04-29 13:14 - 2014-04-29 13:14 - 00003068 _____ () C:\windows\System32\Tasks\ViewPassword Update
2014-04-29 13:14 - 2014-04-29 13:14 - 00002998 _____ () C:\windows\System32\Tasks\ViewPassword_wd
2014-04-29 13:14 - 2014-04-29 13:14 - 00000000 ____D () C:\Program Files (x86)\ViewPassword_P
2014-04-29 13:12 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 13:04 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-29 13:04 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-29 13:02 - 2014-04-29 13:02 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-29 13:02 - 2014-04-29 13:01 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-29 12:54 - 2014-04-29 12:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Local\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-29 12:54 - 2014-04-29 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 12:54 - 2014-04-29 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 12:51 - 2014-04-29 12:51 - 00000000 ____D () C:\Users\Annika\AppData\Local\bitcasa
2014-04-29 12:50 - 2012-07-26 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-29 12:44 - 2014-04-29 12:44 - 00009712 _____ () C:\Users\Annika\Desktop\Entfernte Anwendungen.html
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Synaptics
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Atheros
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Power2Go8
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\BMExplorer
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Adobe
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-29 12:44 - 2013-02-27 05:55 - 00000000 ____D () C:\ProgramData\Atheros
2014-04-29 12:42 - 2013-02-27 05:43 - 03293656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-29 11:49 - 2014-04-29 11:49 - 00000000 ____D () C:\Users\Annika\AppData\Local\Samsung
2014-04-29 11:40 - 2013-02-27 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-29 11:39 - 2014-04-29 11:39 - 00001198 ____H () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Support Center Toasts.lnk
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_300E5E_P02R.mrk
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 11:36 - 2014-04-29 11:36 - 00001438 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 11:36 - 2014-04-29 11:36 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Adobe
2014-04-29 11:36 - 2014-02-27 14:26 - 00000000 ____D () C:\Users\Annika\AppData\Local\Packages
2014-04-29 11:36 - 2013-02-28 01:23 - 00000000 ____D () C:\windows\MSetup
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 11:35 - 2014-04-29 11:34 - 00005568 _____ () C:\windows\DPINST.LOG
2014-04-29 11:35 - 2014-04-29 11:34 - 00001362 _____ () C:\windows\Synaptics.log
2014-04-29 11:35 - 2012-07-26 09:21 - 00023612 _____ () C:\windows\setupact.log
2014-04-29 11:32 - 2014-04-29 11:32 - 00000000 ____D () C:\Users\Annika\AppData\Local\VirtualStore
2014-04-29 11:31 - 2014-04-29 11:31 - 00000020 ___SH () C:\Users\Annika\ntuser.ini
2014-04-29 11:31 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-04-29 11:31 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-29 11:28 - 2014-04-29 11:28 - 00001739 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Vorlagen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Startmenü
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Netzwerkumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Lokale Einstellungen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Eigene Dateien
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Druckumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Musik
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Bilder
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Verlauf
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:27 - 00017148 _____ () C:\windows\diagwrn.xml
2014-04-29 11:28 - 2014-04-29 11:27 - 00017148 _____ () C:\windows\diagerr.xml
2014-04-29 11:28 - 2012-08-06 00:07 - 00000000 ____D () C:\windows\Panther
2014-04-29 11:28 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-29 11:28 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-04-29 11:28 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-29 11:27 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-29 09:52 - 2014-03-09 18:56 - 00000000 ___RD () C:\Users\Annika\Dropbox
2014-04-27 13:49 - 2014-04-27 13:49 - 12569408 _____ (IObit) C:\Users\Annika\Downloads\iobituninstaller_3.2.0.128.exe
2014-04-22 20:24 - 2014-04-27 12:37 - 00000426 _____ () C:\AVScanner.ini
2014-04-20 19:18 - 2014-04-20 19:18 - 00000000 ____D () C:\Users\Annika\Documents\CyberLink
2014-03-31 18:49 - 2014-03-01 09:17 - 00040448 _____ () C:\Users\Annika\Desktop\Abrechnung_6.xls

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-08-05 23:07

==================== End Of Log ============================
--- --- ---

--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Annika at 2014-04-29 16:37:07
Running from C:\Users\Annika\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21101 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4C3C42A4-A4D1-52CA-2298-197CD329C2D7}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.4 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{25B191F6-A277-478F-90CA-88B76D5A08BD}) (Version: 2.1.70 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DC4F83F3-CAF0-4347-97A4-D6B43D7E34F0}) (Version: 2.1.7 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
ViewPassword (HKLM-x32\...\40A3780F-0D28-4F2D-2AA4-7FCE3D35EA34) (Version: - ViewPassword-software)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points =========================

29-04-2014 10:31:50 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ED79312-8766-4484-BABA-4CD6C948B524} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {310F4E96-687D-419C-ADDF-A5EEEA92474C} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - System32\Tasks\ViewPassword_wd => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe [2014-04-29] ()
Task: {38300192-872D-4932-B4CF-4B8571387D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe [2014-04-29] (Sien SA)
Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - System32\Tasks\ViewPassword Update => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe [2014-04-29] ()
Task: {A6C9121C-BA59-435C-A9C8-772120D07AC6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BC88B817-7BCB-4460-8727-BE3538B2FF47} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-02-13] (Samsung Electronics CO., LTD.)
Task: {C041BD1B-A4B8-45A0-9E38-17C4190A626A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB7630B6-D2BE-4D09-A71E-484552621C68} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Task: C:\windows\Tasks\ViewPassword Update.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe
Task: C:\windows\Tasks\ViewPassword_wd.job => C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe

==================== Loaded Modules (whitelisted) =============

2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-04-29 13:14 - 2014-04-29 13:14 - 00077312 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe
2014-04-29 13:14 - 2014-04-29 13:14 - 00142848 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe
2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-11-06 18:08 - 2012-11-06 18:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-13 07:16 - 2013-02-13 07:16 - 00022528 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-07-24 05:06 - 2012-07-24 05:06 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-27 04:24 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-04-29 13:14 - 2014-04-29 13:14 - 00133120 _____ () C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-02-27 04:36 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-06-14 04:57 - 2012-06-14 04:57 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 13:12 - 2011-08-15 13:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 13:15 - 2011-08-15 13:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 09:41 - 2011-08-17 09:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 09:48 - 2011-08-17 09:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 12:23 - 2011-08-15 12:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-06-14 04:56 - 2012-06-14 04:56 - 00481792 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-06-14 05:06 - 2012-06-14 05:06 - 00500064 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-06-14 04:55 - 2012-06-14 04:55 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 09:05 - 2011-07-19 09:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 13:17 - 2011-08-15 13:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 09:04 - 2011-07-19 09:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2014-04-29 12:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1348

Startzeit: 01cf6396020b1a04

Endzeit: 15

Anwendungspfad: C:\windows\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 4a0bd8cc-cf89-11e3-be8f-1867b056fcbd

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang)(User: )
Description: SystemSettings.exe6.2.9200.16420134801cf6396020b1a0415C:\windows\ImmersiveControlPanel\SystemSettings.exe4a0bd8cc-cf89-11e3-be8f-1867b056fcbdwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 3797.53 MB
Available physical RAM: 1253.5 MB
Total Pagefile: 7253.53 MB
Available Pagefile: 4162.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.3 GB) (Free:335.66 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Alt 29.04.2014, 15:48   #6
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Lauter Adware... ziemlich lästig, aber nicht gefährlich.


Wir beginnen erst mal so:



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
CHRdefaults;
iedefaults;
emptyclsid;
autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Schritt 4
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.
Alt 29.04.2014, 15:52   #7
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


okay! nicht gefährlich ist gut. aber wie bekommt man sowas? Habe ich etwas falscher heruntergeladen?

Alt 29.04.2014, 15:57   #8
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Zitat:
Zitat von Äbb< Beitrag anzeigen
okay! nicht gefährlich ist gut. aber wie bekommt man sowas? Habe ich etwas falscher heruntergeladen?
gut möglich, könnte beim Installieren anderer Software mitgekommen sein.

Einfach mal die geposteten Schritte ausführen und die Logdateien posten, dann sehen wir weiter.

Alt 29.04.2014, 18:05   #9
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.205 - Bericht erstellt am 29/04/2014 um 16:55:18
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Annika - ANNIS
# Gestartet von : C:\Users\Annika\Downloads\adwcleaner(1).exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ViewPassword

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
Ordner Gelöscht : C:\Users\Annika\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Datei Gelöscht : C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\invalidprefs.js
Datei Gelöscht : C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\searchplugins\iminent.xml
Datei Gelöscht : C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\user.js
Datei Gelöscht : C:\windows\Tasks\ViewPassword Update.job
Datei Gelöscht : C:\windows\System32\Tasks\ViewPassword Update
Datei Gelöscht : C:\windows\Tasks\ViewPassword_wd.job
Datei Gelöscht : C:\windows\System32\Tasks\ViewPassword_wd

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ViewPassword
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16453


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "687927e40000000000001a67b056fcbc");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16189");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.313:15:17");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gelöscht : user_pref("iminent.adapters", "{\"de.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"139877013478[...]
Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]

*************************

AdwCleaner[R0].txt - [4385 octets] - [29/04/2014 16:54:17]
AdwCleaner[S0].txt - [4252 octets] - [29/04/2014 16:55:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4312 octets] ##########
--- --- ---


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 29.04.2014
Suchlauf-Zeit: 18:29:53
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.29.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Annika

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 291748
Verstrichene Zeit: 42 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.ViewPassword.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\40A3780F-0D28-4F2D-2AA4-7FCE3D35EA34, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],

Registrierungswerte: 1
PUP.Optional.ViewPassword.A, HKU\S-1-5-21-308811900-1167254852-910680650-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{24BB16A8-DF60-43FA-FE7D-AB1DFA4BCEF1}, C:\Program Files (x86)\ViewPassword_P\161.xpi, In Quarantäne, [74a3b67ad6a577bf751eee849b67e719]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],

Dateien: 15
PUP.Optional.Iminent.A, C:\Users\Annika\AppData\Local\Temp\n582\Iminent_1712-b2fcad5e.exe, In Quarantäne, [9681fa3680fb7cbacbbf4cf4db2659a7],
PUP.Optional.Rapiddown, C:\Users\Annika\AppData\Local\Temp\n582\s582.exe, In Quarantäne, [e532a090bac137ff9e63b7a7df22c838],
PUP.Optional.BundleInstaller.A, C:\Users\Annika\Downloads\Dropbox.exe, In Quarantäne, [9c7b38f87ffcca6ca96c59e138c8f907],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\161.dat, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\161.xpi, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\a.db, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\b.db, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\Sqlite3.dll, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\Uninstall.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.bin, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.dll, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIX161.ini, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],
PUP.Optional.ViewPassword.A, C:\Program Files (x86)\ViewPassword_P\ViewPasswordFIXQNw.exe, In Quarantäne, [ad6ac66aaecd1d192939343e3fc34eb2],

Physische Sektoren: 0
(No malicious items detected)


(end)

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Annika on 29.04.2014 at 18:38:35,07.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annika\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.04.2014 18:40:30 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.search.selectedEngine", "StartWeb");

Added to C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\MakeMarkerFile.exe deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\PROGRA~3\boost_interprocess" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [29.04.2014 15:32]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[17.10.2013 15:49]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/?ocid=iehp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/?ocid=iehp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Internet Explorer\SearchScopes\{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Annika\AppData\Local\Mozilla\Firefox\Profiles\45evv89m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=1 2106474 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Annika\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Annika\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\boost_interprocess" not found

==== EOF on 29.04.2014 at 18:58:17,46 ======================

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Annika on 29.04.2014 at 18:38:35,07.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annika\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.04.2014 18:40:30 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.search.selectedEngine", "StartWeb");

Added to C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\MakeMarkerFile.exe deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\PROGRA~3\boost_interprocess" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [29.04.2014 15:32]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[17.10.2013 15:49]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/?ocid=iehp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/?ocid=iehp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-308811900-1167254852-910680650-1001\Software\Microsoft\Internet Explorer\SearchScopes\{683F4EE4-FC8F-4319-B99B-CB0B360A92AF} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annika\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Annika\AppData\Local\Mozilla\Firefox\Profiles\45evv89m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=1 2106474 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Annika\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Annika\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\boost_interprocess" not found

==== EOF on 29.04.2014 at 18:58:17,46 ======================

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Annika (administrator) on ANNIS on 29-04-2014 19:02:58
Running from C:\Users\Annika\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {683F4EE4-FC8F-4319-B99B-CB0B360A92AF} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Annika\AppData\Roaming\Mozilla\Firefox\Profiles\45evv89m.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-29]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-25] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2013-10-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 21:25 - 2014-04-29 21:25 - 00262144 _____ () C:\windows\system32\config\userdiff
2014-04-29 21:25 - 2014-04-29 18:53 - 00000000 ____D () C:\Windows.old
2014-04-29 18:58 - 2014-04-29 18:58 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-29 18:58 - 2014-04-29 18:58 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 18:49 - 2014-04-29 18:38 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-04-29 18:40 - 2014-04-29 18:58 - 00007550 _____ () C:\zoek-results.log
2014-04-29 18:38 - 2014-04-29 18:47 - 00000000 ____D () C:\zoek_backup
2014-04-29 18:37 - 2014-04-29 18:37 - 01285120 _____ () C:\Users\Annika\Downloads\zoek.exe
2014-04-29 18:35 - 2014-04-29 18:35 - 00003651 _____ () C:\Users\Annika\Desktop\mbam.txt
2014-04-29 17:45 - 2014-04-29 18:34 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 17:44 - 2014-04-29 17:44 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 17:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-29 17:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-29 17:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-29 17:43 - 2014-04-29 17:44 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Annika\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 16:53 - 2014-04-29 16:55 - 00000000 ____D () C:\AdwCleaner
2014-04-29 16:52 - 2014-04-29 16:52 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner(2).exe
2014-04-29 16:51 - 2014-04-29 16:51 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner(1).exe
2014-04-29 16:37 - 2014-04-29 16:39 - 00026037 _____ () C:\Users\Annika\Downloads\Addition.txt
2014-04-29 16:35 - 2014-04-29 19:03 - 00014436 _____ () C:\Users\Annika\Downloads\FRST.txt
2014-04-29 16:34 - 2014-04-29 19:02 - 00000000 ____D () C:\FRST
2014-04-29 16:33 - 2014-04-29 16:33 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64(1).exe
2014-04-29 16:31 - 2014-04-29 16:31 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64.exe
2014-04-29 15:47 - 2014-04-29 15:47 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner.exe
2014-04-29 15:43 - 2014-04-29 15:43 - 00804240 _____ () C:\Users\Annika\Downloads\Setup(1).exe
2014-04-29 15:34 - 2014-04-29 15:34 - 00001290 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-04-29 15:34 - 2014-04-29 15:33 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-04-29 15:32 - 2014-04-29 18:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-29 15:32 - 2014-04-29 15:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 15:32 - 2013-10-17 15:47 - 00624224 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-04-29 15:32 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-04-29 15:25 - 2014-04-29 18:04 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308811900-1167254852-910680650-1001
2014-04-29 13:20 - 2014-04-29 13:29 - 243681088 _____ () C:\Users\Annika\Downloads\kav14.0.0.4651abDE_5154.exe
2014-04-29 13:14 - 2014-04-29 15:25 - 00003500 _____ () C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 13:05 - 2014-04-29 13:12 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 13:04 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-04-29 13:03 - 2014-04-29 13:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-29 13:03 - 2014-04-29 13:04 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-29 13:02 - 2014-04-29 13:02 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-29 13:01 - 2014-04-29 13:02 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-29 12:54 - 2014-04-29 12:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Local\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-29 12:53 - 2014-04-29 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 12:53 - 2014-04-29 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 12:51 - 2014-04-29 12:51 - 00000000 ____D () C:\Users\Annika\AppData\Local\bitcasa
2014-04-29 12:44 - 2014-04-29 12:44 - 00009712 _____ () C:\Users\Annika\Desktop\Entfernte Anwendungen.html
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Synaptics
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Atheros
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Power2Go8
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\BMExplorer
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Adobe
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-29 11:49 - 2014-04-29 11:49 - 00000000 ____D () C:\Users\Annika\AppData\Local\Samsung
2014-04-29 11:43 - 2012-12-20 13:41 - 143198702 _____ () C:\windows\[0407]SamsungStory01_ger.scr
2014-04-29 11:39 - 2014-04-29 11:39 - 00001198 ____H () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Support Center Toasts.lnk
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_300E5E_P02R.mrk
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 11:36 - 2014-04-29 11:36 - 00001438 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 11:36 - 2014-04-29 11:36 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Adobe
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 11:34 - 2014-04-29 11:35 - 00005568 _____ () C:\windows\DPINST.LOG
2014-04-29 11:34 - 2014-04-29 11:35 - 00001362 _____ () C:\windows\Synaptics.log
2014-04-29 11:32 - 2014-04-29 11:32 - 00000000 ____D () C:\Users\Annika\AppData\Local\VirtualStore
2014-04-29 11:31 - 2014-04-29 11:31 - 00000020 ___SH () C:\Users\Annika\ntuser.ini
2014-04-29 11:28 - 2014-04-29 11:28 - 00001739 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Vorlagen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Startmenü
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Netzwerkumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Lokale Einstellungen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Eigene Dateien
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Druckumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Musik
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Bilder
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Verlauf
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Anwendungsdaten
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-29 11:28 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-29 11:27 - 2014-04-29 13:39 - 00000000 ____D () C:\Users\Annika
2014-04-29 11:27 - 2014-04-29 11:28 - 00017148 _____ () C:\windows\diagwrn.xml
2014-04-29 11:27 - 2014-04-29 11:28 - 00017148 _____ () C:\windows\diagerr.xml
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-29 09:50 - 2014-04-29 18:53 - 00000000 ___HD () C:\$SysReset
2014-04-27 13:49 - 2014-04-27 13:49 - 12569408 _____ (IObit) C:\Users\Annika\Downloads\iobituninstaller_3.2.0.128.exe
2014-04-27 12:37 - 2014-04-22 20:24 - 00000426 _____ () C:\AVScanner.ini
2014-04-20 19:18 - 2014-04-20 19:18 - 00000000 ____D () C:\Users\Annika\Documents\CyberLink

==================== One Month Modified Files and Folders =======

2014-04-29 21:25 - 2014-04-29 21:25 - 00262144 _____ () C:\windows\system32\config\userdiff
2014-04-29 21:25 - 2012-07-26 10:13 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2014-04-29 19:03 - 2014-04-29 16:35 - 00014436 _____ () C:\Users\Annika\Downloads\FRST.txt
2014-04-29 19:02 - 2014-04-29 16:34 - 00000000 ____D () C:\FRST
2014-04-29 19:02 - 2013-02-28 01:49 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-04-29 19:02 - 2013-02-28 01:49 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-04-29 19:02 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-29 19:01 - 2013-02-27 04:40 - 00000000 ____D () C:\ProgramData\WinClon
2014-04-29 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-29 18:58 - 2014-04-29 18:58 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-29 18:58 - 2014-04-29 18:58 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-04-29 18:58 - 2014-04-29 18:40 - 00007550 _____ () C:\zoek-results.log
2014-04-29 18:58 - 2014-04-29 15:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-29 18:57 - 2012-08-05 23:07 - 00714018 _____ () C:\windows\PFRO.log
2014-04-29 18:57 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-29 18:53 - 2014-04-29 21:25 - 00000000 ____D () C:\Windows.old
2014-04-29 18:53 - 2014-04-29 09:50 - 00000000 ___HD () C:\$SysReset
2014-04-29 18:47 - 2014-04-29 18:38 - 00000000 ____D () C:\zoek_backup
2014-04-29 18:38 - 2014-04-29 18:49 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-04-29 18:37 - 2014-04-29 18:37 - 01285120 _____ () C:\Users\Annika\Downloads\zoek.exe
2014-04-29 18:37 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-04-29 18:35 - 2014-04-29 18:35 - 00003651 _____ () C:\Users\Annika\Desktop\mbam.txt
2014-04-29 18:34 - 2014-04-29 17:45 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 18:04 - 2014-04-29 15:25 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308811900-1167254852-910680650-1001
2014-04-29 17:44 - 2014-04-29 17:44 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 17:44 - 2014-04-29 17:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-29 17:44 - 2014-04-29 17:43 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Annika\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 17:28 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-04-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-04-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-04-29 17:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-29 17:22 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-29 17:21 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-04-29 17:21 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-04-29 17:21 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-04-29 17:20 - 2013-02-28 01:40 - 00000000 ____D () C:\windows\SysWOW64\XPSViewer
2014-04-29 17:20 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-04-29 17:20 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-04-29 17:20 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\Com
2014-04-29 17:20 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-04-29 17:20 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-04-29 17:20 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-04-29 17:20 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-04-29 17:20 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-04-29 17:20 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\winrm
2014-04-29 17:20 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-04-29 17:17 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\slmgr
2014-04-29 17:17 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-04-29 17:17 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\oobe
2014-04-29 17:16 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\WCN
2014-04-29 17:16 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Dism
2014-04-29 17:15 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2014-04-29 17:15 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Com
2014-04-29 17:15 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-04-29 17:04 - 2013-02-28 02:05 - 00000000 ____D () C:\windows\en-GB
2014-04-29 17:04 - 2013-02-27 03:27 - 01153488 _____ () C:\windows\WindowsUpdate.log
2014-04-29 17:04 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2014-04-29 17:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-29 17:03 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\en-GB
2014-04-29 17:03 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-29 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\MUI
2014-04-29 16:55 - 2014-04-29 16:53 - 00000000 ____D () C:\AdwCleaner
2014-04-29 16:52 - 2014-04-29 16:52 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner(2).exe
2014-04-29 16:51 - 2014-04-29 16:51 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner(1).exe
2014-04-29 16:39 - 2014-04-29 16:37 - 00026037 _____ () C:\Users\Annika\Downloads\Addition.txt
2014-04-29 16:33 - 2014-04-29 16:33 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64(1).exe
2014-04-29 16:31 - 2014-04-29 16:31 - 02061824 _____ (Farbar) C:\Users\Annika\Downloads\FRST64.exe
2014-04-29 15:47 - 2014-04-29 15:47 - 01310621 _____ () C:\Users\Annika\Downloads\adwcleaner.exe
2014-04-29 15:43 - 2014-04-29 15:43 - 00804240 _____ () C:\Users\Annika\Downloads\Setup(1).exe
2014-04-29 15:34 - 2014-04-29 15:34 - 00001290 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2014-04-29 15:34 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-04-29 15:33 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-04-29 15:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-29 15:32 - 2014-04-29 15:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 15:25 - 2014-04-29 13:14 - 00003500 _____ () C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2014-04-29 14:39 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-29 13:40 - 2013-02-27 04:38 - 00000000 ____D () C:\ProgramData\Norton
2014-04-29 13:39 - 2014-04-29 11:27 - 00000000 ____D () C:\Users\Annika
2014-04-29 13:29 - 2014-04-29 13:20 - 243681088 _____ () C:\Users\Annika\Downloads\kav14.0.0.4651abDE_5154.exe
2014-04-29 13:12 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple Computer
2014-04-29 13:05 - 2014-04-29 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 13:04 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-29 13:04 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 13:03 - 2014-04-29 13:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-29 13:02 - 2014-04-29 13:02 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Users\Annika\AppData\Local\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 13:02 - 2014-04-29 13:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-29 13:02 - 2014-04-29 13:01 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 13:01 - 2014-04-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-04-29 12:54 - 2014-04-29 12:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\Users\Annika\AppData\Local\Mozilla
2014-04-29 12:54 - 2014-04-29 12:54 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-29 12:54 - 2014-04-29 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 12:54 - 2014-04-29 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 12:51 - 2014-04-29 12:51 - 00000000 ____D () C:\Users\Annika\AppData\Local\bitcasa
2014-04-29 12:50 - 2012-07-26 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-29 12:44 - 2014-04-29 12:44 - 00009712 _____ () C:\Users\Annika\Desktop\Entfernte Anwendungen.html
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Synaptics
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Atheros
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Power2Go8
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\BMExplorer
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\Users\Annika\AppData\Local\Adobe
2014-04-29 12:44 - 2014-04-29 12:44 - 00000000 ____D () C:\ProgramData\Synaptics
2014-04-29 12:44 - 2013-02-27 05:55 - 00000000 ____D () C:\ProgramData\Atheros
2014-04-29 12:42 - 2013-02-27 05:43 - 03293656 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-29 11:49 - 2014-04-29 11:49 - 00000000 ____D () C:\Users\Annika\AppData\Local\Samsung
2014-04-29 11:40 - 2013-02-27 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-29 11:39 - 2014-04-29 11:39 - 00001198 ____H () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Support Center Toasts.lnk
2014-04-29 11:39 - 2014-04-29 11:39 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_300E5E_P02R.mrk
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 11:37 - 2014-04-29 11:37 - 00000000 ___RD () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 11:36 - 2014-04-29 11:36 - 00001438 _____ () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 11:36 - 2014-04-29 11:36 - 00000000 ____D () C:\Users\Annika\AppData\Roaming\Adobe
2014-04-29 11:36 - 2014-02-27 14:26 - 00000000 ____D () C:\Users\Annika\AppData\Local\Packages
2014-04-29 11:36 - 2013-02-28 01:23 - 00000000 ____D () C:\windows\MSetup
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-04-29 11:35 - 2014-04-29 11:35 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 11:35 - 2014-04-29 11:34 - 00005568 _____ () C:\windows\DPINST.LOG
2014-04-29 11:35 - 2014-04-29 11:34 - 00001362 _____ () C:\windows\Synaptics.log
2014-04-29 11:35 - 2012-07-26 09:21 - 00023612 _____ () C:\windows\setupact.log
2014-04-29 11:32 - 2014-04-29 11:32 - 00000000 ____D () C:\Users\Annika\AppData\Local\VirtualStore
2014-04-29 11:31 - 2014-04-29 11:31 - 00000020 ___SH () C:\Users\Annika\ntuser.ini
2014-04-29 11:28 - 2014-04-29 11:28 - 00001739 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Vorlagen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Startmenü
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Netzwerkumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Lokale Einstellungen
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Eigene Dateien
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Druckumgebung
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Musik
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Documents\Eigene Bilder
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Verlauf
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\AppData\Local\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:28 - 00000000 _SHDL () C:\Users\Annika\Anwendungsdaten
2014-04-29 11:28 - 2014-04-29 11:27 - 00017148 _____ () C:\windows\diagwrn.xml
2014-04-29 11:28 - 2014-04-29 11:27 - 00017148 _____ () C:\windows\diagerr.xml
2014-04-29 11:28 - 2012-08-06 00:07 - 00000000 ____D () C:\windows\Panther
2014-04-29 11:28 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-29 11:28 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-04-29 11:28 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-04-29 11:27 - 2014-04-29 11:27 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-04-29 11:27 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-29 09:52 - 2014-03-09 18:56 - 00000000 ___RD () C:\Users\Annika\Dropbox
2014-04-27 13:49 - 2014-04-27 13:49 - 12569408 _____ (IObit) C:\Users\Annika\Downloads\iobituninstaller_3.2.0.128.exe
2014-04-22 20:24 - 2014-04-27 12:37 - 00000426 _____ () C:\AVScanner.ini
2014-04-20 19:18 - 2014-04-20 19:18 - 00000000 ____D () C:\Users\Annika\Documents\CyberLink
2014-04-03 09:51 - 2014-04-29 17:44 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 17:44 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 17:44 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-31 18:49 - 2014-03-01 09:17 - 00040448 _____ () C:\Users\Annika\Desktop\Abrechnung_6.xls

Files to move or delete:
====================
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-08-05 23:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Annika at 2014-04-29 19:03:27
Running from C:\Users\Annika\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21101 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4C3C42A4-A4D1-52CA-2298-197CD329C2D7}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1101.0107.126 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1101.108.126 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.4 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.30 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{25B191F6-A277-478F-90CA-88B76D5A08BD}) (Version: 2.1.70 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DC4F83F3-CAF0-4347-97A4-D6B43D7E34F0}) (Version: 2.1.7 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{087EB114-ACEF-44D3-8C0A-27AE0CC8A8BB}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

29-04-2014 10:31:50 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ED79312-8766-4484-BABA-4CD6C948B524} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {310F4E96-687D-419C-ADDF-A5EEEA92474C} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {38300192-872D-4932-B4CF-4B8571387D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - \ViewPassword Update No Task File <==== ATTENTION
Task: {A6C9121C-BA59-435C-A9C8-772120D07AC6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BC88B817-7BCB-4460-8727-BE3538B2FF47} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-02-13] (Samsung Electronics CO., LTD.)
Task: {C041BD1B-A4B8-45A0-9E38-17C4190A626A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-01-14] (SEC)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB7630B6-D2BE-4D09-A71E-484552621C68} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) =============

2012-11-30 09:26 - 2012-11-30 09:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 13:52 - 2012-10-31 13:52 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-10-31 13:55 - 2012-10-31 13:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-11-06 18:08 - 2012-11-06 18:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 13:57 - 2012-10-31 13:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-02-13 07:16 - 2013-02-13 07:16 - 00022528 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 09:26 - 2012-11-30 09:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-02-27 04:36 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-29 12:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-02-27 04:24 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller) (User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1348

Startzeit: 01cf6396020b1a04

Endzeit: 15

Anwendungspfad: C:\windows\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 4a0bd8cc-cf89-11e3-be8f-1867b056fcbd

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (04/29/2014 06:47:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/29/2014 06:47:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/29/2014 06:47:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/29/2014 06:47:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/29/2014 06:47:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/29/2014 05:32:11 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (04/29/2014 05:32:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/29/2014 05:03:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}TrustedInstaller

Error: (04/29/2014 04:56:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/29/2014 01:39:50 PM) (Source: DCOM) (User: ANNIS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (04/29/2014 01:04:34 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:32 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 01:04:31 PM) (Source: MsiInstaller)(User: ANNIS)
Description: Produkt: OpenOffice 4.0.1 -- Fehler 1500.Eine andere Installation wird durchgeführt. Sie müssen diese Installation abschließen, bevor Sie diese fortsetzen.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/29/2014 00:30:41 PM) (Source: Application Hang)(User: )
Description: SystemSettings.exe6.2.9200.16420134801cf6396020b1a0415C:\windows\ImmersiveControlPanel\SystemSettings.exe4a0bd8cc-cf89-11e3-be8f-1867b056fcbdwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/29/2014 00:25:25 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3797.53 MB
Available physical RAM: 2487.12 MB
Total Pagefile: 7253.53 MB
Available Pagefile: 5668.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.3 GB) (Free:351.48 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---

Alt 29.04.2014, 19:33   #10
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - \ViewPassword Update No Task File <==== ATTENTION
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
Alt 30.04.2014, 19:12   #11
Äbb<
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by Annika at 2014-04-30 18:40:09 Run:1
Running from C:\Users\Annika\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
Task: {320BB859-D78D-47CC-B5C3-6B327E68C26B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {5071709C-98AD-41A6-9451-2A5E26883B79} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Annika\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe
Task: {5E950256-B043-4CF6-82D2-7F595B318C9D} - \ViewPassword Update No Task File <==== ATTENTION
end

*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe => Key deleted successfully.
C:\windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320BB859-D78D-47CC-B5C3-6B327E68C26B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320BB859-D78D-47CC-B5C3-6B327E68C26B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword_wd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5071709C-98AD-41A6-9451-2A5E26883B79} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5071709C-98AD-41A6-9451-2A5E26883B79} => Key deleted successfully.
C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E950256-B043-4CF6-82D2-7F595B318C9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E950256-B043-4CF6-82D2-7F595B318C9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword Update => Key deleted successfully.

==== End of Fixlog ====

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a3015a150a85dd46822d5e66c135a8b3
# engine=18090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-30 06:04:17
# local_time=2014-04-30 08:04:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 96111 55610969 0 0
# scanned=364053
# found=0
# cleaned=0
# scan_time=4614

Results of screen317's Security Check version 0.99.82
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Alt 01.05.2014, 13:17   #12
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 2
  • Klicke auf > Hilfe > Über Firefox
  • Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
  • Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
  • Klicke nun auf > Add-ons > > Auf Updates überprüfen
  • Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 3
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 4
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 03.05.2014, 12:16   #13
M-K-D-B
/// TB-Ausbilder
 
Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Standard

Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung
aktualisierung, angezeigt, aufforderung, computer, dauernd, downloaden, internetseite, internetseiten, meldungen, pup.optional.bundleinstaller.a, pup.optional.iminent.a, pup.optional.rapiddown, pup.optional.viewpassword.a, software, werbung, wirklich


« Trojanermeldung von G-Data | Steam Virus? »


Ähnliche Themen: Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung


  1. Jede menge Pop ups
    Log-Analyse und Auswertung - 27.06.2015 (3)
  2. Jede menge Werbung im Mozilla
    Plagegeister aller Art und deren Bekämpfung - 18.04.2015 (25)
  3. Jede Menge Probleme, jede Menge Logs
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (7)
  4. Windows 8: jede Menge Müll im Browser
    Log-Analyse und Auswertung - 06.12.2013 (19)
  5. jede menge win32 probleme (webcake, Bprotekt-A etc.)
    Log-Analyse und Auswertung - 08.11.2013 (8)
  6. Jede Menge Funde und BKA Virus im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 27.08.2012 (1)
  7. Jede Menge Trojaner und Würmer eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (36)
  8. Jede menge Fehler und Bluescreens - Ingame
    Alles rund um Windows - 04.04.2009 (1)
  9. Hilfe ich hab jede menge Trojaner auf dem Pc!
    Mülltonne - 24.10.2008 (0)
  10. Jede Menge Trojaner oder lauter Fehlalarme?
    Plagegeister aller Art und deren Bekämpfung - 03.12.2007 (5)
  11. Jede Menge Trojaner u.a.
    Log-Analyse und Auswertung - 07.06.2007 (1)
  12. Popup und jede menge andere Werbung im IE
    Plagegeister aller Art und deren Bekämpfung - 11.10.2006 (9)
  13. Jede Menge Funde mit eScan - Help
    Log-Analyse und Auswertung - 19.03.2006 (2)
  14. Jede Menge Trojaner und Pop-Ups
    Log-Analyse und Auswertung - 19.12.2005 (29)
  15. hilfe, jede menge plagegeister :-))
    Plagegeister aller Art und deren Bekämpfung - 09.05.2005 (7)
  16. Jede Menge Viren...
    Log-Analyse und Auswertung - 20.01.2005 (7)
  17. Hilfe, jede menge Viruse/Trojaner
    Log-Analyse und Auswertung - 05.12.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung - Hallo, ich bekomme ständig Meldungen dass mein PC nicht sicher ist, und dass ich irgendeine Software downloaden soll. Das wird immer mehr und nervt ständig. Wenn ich im Internet bin - Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung...
Archiv
Du betrachtest: Merwürdige Aufforderung zur Aktualisierung div. Software und jede Menge Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130