Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.02.2014, 15:33   #1
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Hallo,

seit 3 Tagen ca. leitet mein Internetexplorer andauernd auf die Seite "marketpingloui.com" um.

Im Detail : hxxp://marketpingloui.com/MRoute/amazon als Beispiel, wenn man sich vorher auf Amazon befand.

Kaspersky Antivirus meldet in der Abteilung "Web Antivirus" folgende Befunde

Code:
ATTFilter
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:11
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:13
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:13
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:18
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:19
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:19
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:21
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:25
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:26
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 14:42
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 15:00
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute,
         
Der vollständige Scan durch Kaspersky ergab folgende Funde:

Code:
ATTFilter
Gefundenes Objekt (Datei) wurde gelöscht	C:\Documents and Settings\X-12\AppData\Local\Temp\is1177715538\cor_ar_201381417179_qvo6.exe	C:\Documents and Settings\X-12\AppData\Local\Temp\is1177715538\cor_ar_201381417179_qvo6.exe	Trojan-Downloader.Win32.Agent.hdtg	Trojanisches Programm	Heute, 14:25
Gefundenes Objekt (Datei) wurde gelöscht	C:\Documents and Settings\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\X-12\AppData\Roaming\MCommon\MUpdates_new.exe	C:\Documents and Settings\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\X-12\AppData\Roaming\MCommon\MUpdates_new.exe	not-a-virus:HEUR:AdWare.MSIL.Agent.gen	Adware	Heute, 14:24
         
Defogger wurde ausgeführt :

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:57 on 13/02/2014 (X-12)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST Logfile:





FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by X-12 (administrator) on X-12-PC on 13-02-2014 15:58:36
Running from C:\Users\X-12\Desktop\Antivir
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
(Hercules®) C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\cpl2\HDJSeries2CPL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWlan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
() C:\Users\X-12\Desktop\Antivir\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [OODITRAY.EXE] - C:\Program Files\OO Software\DiskImage\ooditray.exe [4986672 2013-09-09] (O&O Software GmbH)
HKLM\...\Run: [Hercules DJ Series TrayAgent] - C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\Run: [Spotify Web Helper] - C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-10] (Spotify Ltd)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\MountPoints2: {606ac54c-bedd-11e2-b707-902b34343b1c} - H:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9971BB55DB52CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IE.PerformancePack - {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Profiles\bpuq7anx.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-12]
FF HKCU\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2013-05-17] (Creative Labs)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-19] ()
R2 RealtekSE; C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe [36864 2010-04-16] (Realtek)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-08-21] ()
R1 archlp; C:\Windows\System32\drivers\archlp.sys [139840 2011-11-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-17] (DT Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
S3 HDJusbaudio; C:\Windows\System32\DRIVERS\HDJusbaudio_x64.sys [425776 2013-05-21] ( Hercules)
S3 HDJusbaudioks; C:\Windows\System32\DRIVERS\HDJusbaudioks_x64.sys [110896 2013-05-21] ( Hercules)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-12] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2014-02-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [64512 2011-11-16] (Microchip Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R0 oodrvled; C:\Windows\System32\DRIVERS\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-11-26] (Audials AG)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 15:58 - 2014-02-13 15:58 - 00000000 ____D () C:\FRST
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:44 - 2014-02-13 15:49 - 00000710 _____ () C:\Users\X-12\Desktop\Kaspersky Bericht.txt
2014-02-13 15:00 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-13 15:00 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-13 15:00 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-13 15:00 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-13 15:00 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-13 15:00 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-13 15:00 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-13 15:00 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-13 15:00 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-13 14:56 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 14:56 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 14:56 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 14:56 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 14:56 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 14:56 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 14:56 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 14:56 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 14:56 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 14:56 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 14:56 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 14:56 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 14:56 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 14:56 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 14:56 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 14:56 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 14:56 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 14:56 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 14:56 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 14:56 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 14:56 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 14:56 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 14:56 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 14:35 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 14:35 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 14:35 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 14:35 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 14:34 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 14:34 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 14:34 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 14:27 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-13 14:27 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 14:25 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 14:25 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:58 - 2014-02-13 15:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-12 12:58 - 2014-02-12 13:28 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:58 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-12 12:58 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-02-12 12:12 - 2014-02-12 12:12 - 00000039 _____ () C:\Users\X-12\Desktop\virus.txt
2014-02-12 12:04 - 2014-02-13 15:58 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-12 12:01 - 2014-02-12 12:51 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-07 12:40 - 2014-02-12 16:06 - 00000948 _____ () C:\Windows\PFRO.log
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:04 - 2014-02-07 12:24 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:47 - 2014-02-11 16:08 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-04 23:04 - 2014-02-13 15:53 - 00001042 _____ () C:\Windows\setupact.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 22:50 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-04 22:50 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-04 22:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-04 22:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-04 22:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-04 22:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-04 22:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-04 22:33 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-04 22:33 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-04 22:33 - 2013-08-21 14:44 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2014-02-04 22:33 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:26 - 2014-02-02 11:52 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-04 22:26 - 2014-01-30 22:17 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-02-04 22:26 - 2014-01-30 15:33 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-02-04 22:26 - 2013-12-22 11:53 - 01670892 _____ () C:\Users\X-12\Downloads\using-ipad-to-control-pangolin_i615.zip
2014-02-04 22:24 - 2014-02-12 16:58 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-04 22:24 - 2014-02-02 15:21 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-04 22:24 - 2014-02-02 15:14 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-04 22:24 - 2014-02-01 14:21 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav

==================== One Month Modified Files and Folders =======

2014-02-13 15:58 - 2014-02-13 15:58 - 00000000 ____D () C:\FRST
2014-02-13 15:58 - 2014-02-12 12:04 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-13 15:58 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:58 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:57 - 2013-05-17 09:34 - 00000000 ____D () C:\Users\X-12
2014-02-13 15:57 - 2013-05-17 09:33 - 01248824 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 15:53 - 2014-02-12 12:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-13 15:53 - 2014-02-04 23:04 - 00001042 _____ () C:\Windows\setupact.log
2014-02-13 15:53 - 2013-05-17 12:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 15:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 15:49 - 2014-02-13 15:44 - 00000710 _____ () C:\Users\X-12\Desktop\Kaspersky Bericht.txt
2014-02-13 15:01 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 15:01 - 2013-05-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 15:00 - 2013-05-17 11:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 14:57 - 2013-06-10 19:39 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 14:57 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 14:57 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 14:57 - 2009-07-14 06:13 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 14:56 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 14:42 - 2013-05-17 17:02 - 00000000 ____D () C:\Users\X-12\Documents\Outlook-Dateien
2014-02-13 14:41 - 2013-05-17 16:43 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\vlc
2014-02-13 14:38 - 2013-06-27 16:45 - 00000000 ____D () C:\Users\X-12\AppData\Local\Adobe
2014-02-12 16:58 - 2014-02-04 22:24 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-12 16:06 - 2014-02-07 12:40 - 00000948 _____ () C:\Windows\PFRO.log
2014-02-12 13:28 - 2014-02-12 12:58 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 13:28 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-12 13:28 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:51 - 2014-02-12 12:01 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-12 12:12 - 2014-02-12 12:12 - 00000039 _____ () C:\Users\X-12\Desktop\virus.txt
2014-02-11 16:08 - 2014-02-07 11:47 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-08 16:39 - 2013-05-17 17:50 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Audacity
2014-02-08 16:30 - 2013-06-22 09:22 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Spotify
2014-02-08 16:16 - 2013-06-22 09:27 - 00000000 ____D () C:\Users\X-12\AppData\Local\Spotify
2014-02-07 12:42 - 2013-05-18 08:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:24 - 2014-02-07 12:04 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 12:03 - 2013-05-17 18:08 - 00000000 ____D () C:\ProgramData\Origin
2014-02-07 12:02 - 2013-05-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:54 - 2013-05-17 16:36 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 11:19 - 2013-05-29 10:19 - 00000000 ____D () C:\Program Files (x86)\PhotoSync
2014-02-07 11:05 - 2013-05-19 10:09 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-07 10:13 - 2013-05-17 09:34 - 00000000 ___RD () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 13:16 - 2014-02-13 14:56 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 14:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 14:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 14:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 14:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 14:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 14:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 14:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 14:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 14:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 14:56 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 14:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 14:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 14:56 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 14:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 14:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 14:56 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 14:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 14:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 14:56 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 14:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 14:56 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 14:56 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 14:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 14:56 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 14:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 14:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 14:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 14:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 14:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 10:03 - 2013-05-17 11:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 10:03 - 2013-05-17 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 23:07 - 2013-05-17 09:42 - 00089904 _____ () C:\Users\X-12\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 23:07 - 2009-07-14 05:45 - 00350096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 23:05 - 2013-07-27 08:44 - 00000000 ____D () C:\Users\X-12\Desktop\Games
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 23:04 - 2013-05-17 16:42 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-02-04 23:04 - 2013-05-17 12:26 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-02-04 23:03 - 2013-05-17 16:41 - 00000000 ____D () C:\ProgramData\Logitech
2014-02-04 23:03 - 2013-05-17 12:26 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-02-04 22:57 - 2013-06-27 17:35 - 00000000 ____D () C:\Users\X-12\AppData\Local\Microsoft Game Studios
2014-02-04 22:50 - 2013-05-17 09:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-04 22:44 - 2013-12-27 14:25 - 00000000 ____D () C:\Program Files (x86)\Steuer 2012
2014-02-04 22:43 - 2013-05-20 09:27 - 00000000 ____D () C:\Users\X-12\Documents\ArcSoft
2014-02-04 22:43 - 2013-05-17 17:48 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\ArcSoft
2014-02-04 22:37 - 2013-05-17 17:15 - 00000000 ____D () C:\ProgramData\firebird
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ____D () C:\Users\X-12\AppData\Local\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:48 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:32 - 2013-10-22 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-04 22:32 - 2013-08-07 13:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 22:25 - 2013-09-12 14:53 - 00000000 ____D () C:\Users\X-12\Desktop\Homepage Friesenhof
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-02 15:21 - 2014-02-04 22:24 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-02 15:14 - 2014-02-04 22:24 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-02 11:52 - 2014-02-04 22:26 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-01 14:21 - 2014-02-04 22:24 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav
2014-01-30 22:17 - 2014-02-04 22:26 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-01-30 15:33 - 2014-02-04 22:26 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-01-16 09:59 - 2013-05-17 10:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\X-12\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\X-12\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\X-12\AppData\Local\Temp\djuced.exe
C:\Users\X-12\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
C:\Users\X-12\AppData\Local\Temp\jinstaller142_19.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\X-12\AppData\Local\Temp\Quarantine.exe
C:\Users\X-12\AppData\Local\Temp\setup.exe
C:\Users\X-12\AppData\Local\Temp\sonarinst.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\X-12\AppData\Local\Temp\_is9667.exe
C:\Users\X-12\AppData\Local\Temp\_isAE8B.exe
C:\Users\X-12\AppData\Local\Temp\_isD849.exe
C:\Users\X-12\AppData\Local\Temp\_isE3CD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 15:30

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---



Kaspersky meldet zwar andauernd, das ein schädlicher Link blockiert wurde, wird der Sache aber anscheinend nicht Herr.

Ich bitte um Hilfe.

Gruß westwest75

Das Additions File :

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by X-12 at 2014-02-13 15:58:51
Running from C:\Users\X-12\Desktop\Antivir
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
A Vampyre Story (x32 Version:  - )
Acronis*Disk*Director*11*Home (x32 Version: 11.0.2343 - Acronis)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (x32 Version: 2.1.1.220 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (x32 Version: 12 - Adobe Systems Incorporated)
Adobe Edge Animate CC (x32 Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Muse (x32 Version: 6.0.751 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 6.0.751 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5 64-bit (Version: 5.0.1 - Adobe)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Advanced Fix 2013 version 2.0.1.108 (x32 Version: 2.0.1.108 - Advanced Fix, Inc.)
Advanced Renamer (x32 Version: 3.59 - Hulubulu Software)
Age of Empires II: HD Edition (x32 Version:  - Hidden Path Entertainment, Ensemble Studios)
Alan Wake (x32 Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (x32 Version:  - Remedy Entertainment)
Anleitung für Epson Connect (x32 Version:  - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 7 (x32 Version: 7.1.0.98 - ArcSoft)
ArcSoft TotalMedia Theatre 3 (x32 Version: 3.0.1.120 - ArcSoft) Hidden
ArcSoft TotalMedia Theatre 3 (x32 Version: 3.0.1.195 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.5.1.150 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.5.1.150 - ArcSoft) Hidden
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Audials (x32 Version: 11.0.48200.0 - Audials AG)
Battle Worlds Kronos Version 1.0.0 (x32 Version: 1.0.0 - Crimson Cow)
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock 2 (x32 Version: 1.00.0000 - 2K Games)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CloneDVD2 (x32 Version:  - Elaborate Bytes)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (x32 Version: 2.0.0.1 - THQ Inc.)
Company of Heroes 2 (x32 Version:  - Relic Entertainment)
Creative Audio-Systemsteuerung (x32 Version: 2.00 - Creative Technology Limited)
Creative Konsole Starter (x32 Version:  - )
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version:  - )
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
DDL und DTS Connect-Lizenzaktivierung (x32 Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Deus Ex: Human Revolution (x32 Version:  - Eidos Montreal)
Dolby Digital Live Pack (x32 Version:  - )
Download Navigator (x32 Version: 3.4.2 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-600 Series (Version:  - SEIKO EPSON Corporation)
DTS Connect Pack (x32 Version:  - )
DVDFab 9.0.1.6 (14/12/2012) Qt (x32 Version:  - Fengtao Software Inc.)
Edimax Wireless LAN Driver and Utility (x32 Version: 1.00.0184 - Edimax Technology Co.)
Epson Benutzerhandbuch XP-600 Series (x32 Version:  - )
Epson Event Manager (x32 Version: 3.01.0005 - Seiko Epson Corporation)
Epson Netzwerkhandbuch XP-600 Series (x32 Version:  - )
EPSON Printer Finder (x32 Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EpsonNet Print (x32 Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
HandBrake 0.9.9 (x32 Version: 0.9.9 - )
Hercules DJ Products Series drivers (x32 Version: 2.HDJS.2013 - Hercules)
ID3-TagIT 3 (x32 Version: 3 - Michael Pluemper)
Image Data Converter (x32 Version: 4.2.02.10112 - Sony Corporation)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (Version: 1.10.3 - Logitech)
marvell 91xx driver (x32 Version: 1.2.0.1010 - Marvell)
Metro Last Light Update 3 Plus limited First Edition DLCs 1.00 (x32 Version: 1.00 - .x.X.RIDDICK.X.x.)
Metro: Last Light (c) Deep Silver version 1 (x32 Version: 1 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 6.4.23 (Version: 6.4.23 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 6.4.23 - NVIDIA Corporation) Hidden
O&O DiskImage Professional (Version: 7.81.6 - O&O Software GmbH)
O&O DiskRecovery (Version: 8.0.335 - O&O Software GmbH)
O&O DriveLED Professional (Version: 4.2.157 - O&O Software GmbH)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001 - GIGABYTE)
OpenAL (x32 Version:  - )
OpenTTD 1.3.2 (x32 Version: 1.3.2 - OpenTTD)
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
PhoneBrowse 2.0.3 (x32 Version: 2.0.3 - iMobie Inc.)
PhotoSync (Version: 2.1.2 - touchbyte GmbH)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Simple Shutdown Timer (x32 Version: 1.1.2 - PcWinTech.com)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165 - Sony)
Sony RAW Driver (x32 Version: 2.0.00.08130 - Sony Corporation)
SoundFont-Bank-Manager (x32 Version:  - )
Splinter Cell Pandora Tomorrow (x32 Version: 1.00.000 - )
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
StarCraft II (x32 Version:  - Blizzard Entertainment)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Steuer 2012 (x32 Version: 20.00.8137 - Buhl Data Service GmbH)
SumatraPDF (x32 Version: 2.4 - Krzysztof Kowalczyk)
THX-Einrichtungskonsole (x32 Version:  - )
UnLock Root 3.1.3 (x32 Version: 3.1.3 - Unlcokroot)
UnLock Root Pro 3.41 (x32 Version: 3.41 - Unlcokroot)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VirtualDJ PRO Full (x32 Version: 7.2 - Atomix Productions)
VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN)
Winamp (x32 Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-20 19:04 - 00002687 ____A C:\Windows\system32\Drivers\etc\hosts
  127.0.0.1 activate.adobe.com      
      127.0.0.1 practivate.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 activate.adobe.com:443
      127.0.0.1 3dns.adobe.com
      127.0.0.1 3dns-1.adobe.com
      127.0.0.1 3dns-2.adobe.com
      127.0.0.1 3dns-3.adobe.com
      127.0.0.1 3dns-4.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 adobe-dns.adobe.com
      127.0.0.1 adobe-dns-1.adobe.com
      127.0.0.1 adobe-dns-2.adobe.com
      127.0.0.1 adobe-dns-3.adobe.com
      127.0.0.1 adobe-dns-4.adobe.com
      127.0.0.1 adobe-dns-5.adobe.com
      127.0.0.1 ereg.wip3.adobe.com
      127.0.0.1 ereg.adobe.com
      127.0.0.1 practivate.adobe.com
      127.0.0.1 wip3.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 ntrack.com
      127.0.0.1 hl2rcv.adobe.com
      127.0.0.1 activate.wip3.adobe.com
      127.0.0.1 activate.adobe.de
      127.0.0.1 practivate.adobe.de
      127.0.0.1 ereg.adobe.de
      127.0.0.1 activate.wip3.adobe.de
      127.0.0.1 wip3.adobe.de
      127.0.0.1 3dns-3.adobe.de
      127.0.0.1 3dns-2.adobe.de
      127.0.0.1 adobe-dns.adobe.de
      127.0.0.1 adobe-dns-2.adobe.de
      127.0.0.1 adobe-dns-3.adobe.de
      127.0.0.1 ereg.wip3.adobe.de
      127.0.0.1 activate-sea.adobe.de
      127.0.0.1 wwis-dubc1-vip60.adobe.de
      127.0.0.1 activate-sjc0.adobe.de
      127.0.0.1 hl2rcv.adobe.de

==================== Scheduled Tasks (whitelisted) =============

Task: {095AA1BD-66BC-4E56-AEA5-95FB39F11898} - System32\Tasks\{49F7F33A-3453-41AE-9D6D-5218B2054F09} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {172280B1-900C-4710-AD46-6FC4740D5960} - System32\Tasks\{F151AB69-7C49-4DDA-ACBA-EC9674525E36} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {174584AC-7BA2-40AA-B96F-5E1B1ECDB8DC} - System32\Tasks\{A3299292-A33E-41CA-A5C5-D087FD6CE5F9} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {1F2F3351-0E18-452D-8905-132765E3C1CA} - System32\Tasks\{D8FCFFC0-2CCA-4A89-A4DE-899311F4FF09} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {25EB042B-3A77-4057-B32D-8082DC3362B4} - System32\Tasks\{28A60DDB-95F1-4684-AFDB-2E3FCF5645DC} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {2E00A0C4-97C0-466E-ACB4-D935FA48A38E} - System32\Tasks\{832B11BC-E0AC-4D3A-9A3D-F4DCCC2E7D1F} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {3764DC09-1C69-4812-A716-F1FBB33FA730} - System32\Tasks\{A8C447FA-016F-4F3C-BE25-379CCDADEC29} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {3EF294AF-96D9-4436-87DF-61546D02FB53} - System32\Tasks\{3C52D359-4107-45D4-9314-C0B7E4DB1D5C} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {501F3619-5F1F-42FF-A793-2A99E410A5C7} - System32\Tasks\{C83304AD-9627-4225-A287-7EE65BAE9CA6} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {58843666-8584-411F-ADE7-14B9E18FF2EA} - System32\Tasks\{D7464779-F5B8-4D63-B260-741498016A87} => C:\Program Files (x86)\Syncios\Syncios.exe
Task: {5B6A0D35-6552-4405-9DC6-AA78E656F2F5} - System32\Tasks\{4D5CD932-6887-4CA1-A362-3B49AF5488FC} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {770CA5B8-9260-4681-8C43-03B611943DB0} - System32\Tasks\{ED793F9F-89AD-483A-96A4-FE4FCCA0D777} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {919B1150-9DA4-496A-B7B4-16FAE1C802DA} - System32\Tasks\{C650B9EE-5930-43A2-96CA-9CFFCA0B1F32} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {A4BF9911-61C6-44FA-BDB0-5617EB284345} - System32\Tasks\{F4392386-C87D-4EFB-93E6-3DB93E157B28} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {B60681D7-E131-45D9-B54D-DFF814A496A7} - System32\Tasks\AdobeAAMUpdater-1.0-X-12-PC-X-12 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {E96AAC9F-95A4-4C48-BFA7-641860693DF6} - System32\Tasks\{B28C42DD-BBAF-4A39-AE96-80C391293FF6} => C:\Program Files (x86)\Syncios\Syncios.exe

==================== Loaded Modules (whitelisted) =============

2013-08-16 23:32 - 2013-08-16 23:32 - 03357040 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-09 16:35 - 2013-09-09 16:35 - 00344880 _____ () C:\Program Files\OO Software\DiskImage\oodishrs.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-09 16:35 - 2013-09-09 16:35 - 00537904 _____ () C:\Program Files\OO Software\DiskImage\ooditrrs.dll
2013-09-09 16:36 - 2013-09-09 16:36 - 00069936 _____ () C:\Program Files\OO Software\DiskImage\oodiagpsx64.dll
2013-05-17 09:39 - 2012-01-12 14:21 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-17 09:39 - 2012-01-12 14:21 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-08-16 23:32 - 2013-08-16 23:32 - 04578672 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-12 12:05 - 2014-02-12 12:05 - 00050477 _____ () C:\Users\X-12\Desktop\Antivir\Defogger.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-18 18:03 - 2013-06-19 09:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-11-15 17:44 - 2011-11-15 17:44 - 02155848 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2013-08-19 21:12 - 2013-08-19 21:12 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-08-16 23:32 - 2013-08-16 23:32 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-05-17 09:44 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Edimax\PCIe Wireless LAN\EnumDevLib.dll
2013-05-17 09:39 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-17 09:38 - 2011-12-16 09:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 00:57:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Creative Cloud.exe, Version: 2.1.1.220, Zeitstempel: 0x52125abf
Name des fehlerhaften Moduls: VulcanWrapper.dll, Version: 2.1.1.220, Zeitstempel: 0x5212618f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b66
ID des fehlerhaften Prozesses: 0xc80
Startzeit der fehlerhaften Anwendung: 0xCreative Cloud.exe0
Pfad der fehlerhaften Anwendung: Creative Cloud.exe1
Pfad des fehlerhaften Moduls: Creative Cloud.exe2
Berichtskennung: Creative Cloud.exe3

Error: (02/07/2014 00:44:04 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(cc:08:e0:26:d6:8b@fe80::ce08:e0ff:fe26:d68b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/07/2014 00:44:04 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(1c:ab:a7:90:da:43@fe80::1eab:a7ff:fe90:da43._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/07/2014 00:42:19 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/07/2014 11:04:23 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(1c:ab:a7:90:da:43@fe80::1eab:a7ff:fe90:da43._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/04/2014 11:03:18 PM) (Source: MsiInstaller) (User: X-12-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {CE3230AC-E72E-3EDF-8A57-87FCE1CF2629}

Error: (02/04/2014 10:53:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ImageDataConverter.exe, Version: 4.2.0.10112, Zeitstempel: 0x50768a0b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x2fe850ff
ID des fehlerhaften Prozesses: 0x92c
Startzeit der fehlerhaften Anwendung: 0xImageDataConverter.exe0
Pfad der fehlerhaften Anwendung: ImageDataConverter.exe1
Pfad des fehlerhaften Moduls: ImageDataConverter.exe2
Berichtskennung: ImageDataConverter.exe3

Error: (01/02/2014 06:15:18 PM) (Source: Application Hang) (User: )
Description: Programm oodipro.exe, Version 7.0.0.2057 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1dc0

Startzeit: 01cf07ddec37b075

Endzeit: 0

Anwendungspfad: C:\Program Files\OO Software\DiskImage\oodipro.exe

Berichts-ID: 6edb79a7-73d1-11e3-843d-902b34343b1c

Error: (12/12/2013 05:45:06 PM) (Source: Application Hang) (User: )
Description: Programm ImageDataConverter.exe, Version 4.2.0.10112 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d0

Startzeit: 01cef759730436d4

Endzeit: 437

Anwendungspfad: C:\Program Files (x86)\Sony\Image Data Converter\Image Data Converter Ver. 4.0\ImageDataConverter.exe

Berichts-ID: bd9d7a72-634c-11e3-83d8-902b34343b1c

Error: (12/07/2013 00:06:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AoK HD.exe, Version: 3.1.1630.0, Zeitstempel: 0x52993c07
Name des fehlerhaften Moduls: AoK HD.exe, Version: 3.1.1630.0, Zeitstempel: 0x52993c07
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0011f332
ID des fehlerhaften Prozesses: 0x1b78
Startzeit der fehlerhaften Anwendung: 0xAoK HD.exe0
Pfad der fehlerhaften Anwendung: AoK HD.exe1
Pfad des fehlerhaften Moduls: AoK HD.exe2
Berichtskennung: AoK HD.exe3


System errors:
=============
Error: (02/13/2014 03:44:42 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/13/2014 02:45:56 PM) (Source: DCOM) (User: )
Description: {46986115-84D6-459C-8F95-52DD653E532E}

Error: (02/12/2014 01:28:39 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (02/12/2014 00:57:27 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (02/12/2014 00:57:27 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (02/12/2014 00:57:27 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (02/12/2014 00:57:27 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (02/12/2014 11:48:45 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/12/2014 11:48:20 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (02/12/2014 11:48:20 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (02/12/2014 00:57:29 PM) (Source: Application Error)(User: )
Description: Creative Cloud.exe2.1.1.22052125abfVulcanWrapper.dll2.1.1.2205212618fc000000500002b66c8001cf27e998af0649C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreExt\VulcanWrapper.dlld8a496ad-93dc-11e3-83b1-902b34343b1c

Error: (02/07/2014 00:44:04 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(cc:08:e0:26:d6:8b@fe80::ce08:e0ff:fe26:d68b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/07/2014 00:44:04 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(1c:ab:a7:90:da:43@fe80::1eab:a7ff:fe90:da43._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/07/2014 00:42:19 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/07/2014 11:04:23 AM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(1c:ab:a7:90:da:43@fe80::1eab:a7ff:fe90:da43._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/04/2014 11:03:18 PM) (Source: MsiInstaller)(User: X-12-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {CE3230AC-E72E-3EDF-8A57-87FCE1CF2629}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/04/2014 10:53:26 PM) (Source: Application Error)(User: )
Description: ImageDataConverter.exe4.2.0.1011250768a0bunknown0.0.0.000000000c00000052fe850ff92c01cf21f387298ddeC:\Program Files (x86)\Sony\Image Data Converter\Image Data Converter Ver. 4.0\ImageDataConverter.exeunknownc63fe9e8-8de6-11e3-8ae0-902b34343b1c

Error: (01/02/2014 06:15:18 PM) (Source: Application Hang)(User: )
Description: oodipro.exe7.0.0.20571dc001cf07ddec37b0750C:\Program Files\OO Software\DiskImage\oodipro.exe6edb79a7-73d1-11e3-843d-902b34343b1c

Error: (12/12/2013 05:45:06 PM) (Source: Application Hang)(User: )
Description: ImageDataConverter.exe4.2.0.10112d001cef759730436d4437C:\Program Files (x86)\Sony\Image Data Converter\Image Data Converter Ver. 4.0\ImageDataConverter.exebd9d7a72-634c-11e3-83d8-902b34343b1c

Error: (12/07/2013 00:06:52 PM) (Source: Application Error)(User: )
Description: AoK HD.exe3.1.1630.052993c07AoK HD.exe3.1.1630.052993c07c00004090011f3321b7801cef338e9aa26c3C:\Program Files (x86)\Steam\steamapps\common\Age2HD\AoK HD.exeC:\Program Files (x86)\Steam\steamapps\common\Age2HD\AoK HD.exeacd5458b-5f2f-11e3-9f49-902b34343b1c


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.973
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16345.82 MB
Available physical RAM: 13669.92 MB
Total Pagefile: 32689.82 MB
Available Pagefile: 29834.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.35 GB) (Free:3.79 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:237.17 GB) NTFS
Drive h: (Battle_Worlds_Kr) (CDROM) (Total:0.72 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B7C01430)
Partition 2: (Active) - (Size=-198635159552) - (Type=05)

========================================================
Disk: 1 (Size: 224 GB) (Disk ID: DA8015DC)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
         

Alt 13.02.2014, 15:34   #2
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Das GMER File:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-13 16:06:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Corsair_ rev.5.02 223,57GB
Running: Gmer-19357.exe; Driver: C:\Users\X-12\AppData\Local\Temp\kxldipob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                 0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                            0000000077dbfaa8 5 bytes JMP 00000001737718a8
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                     0000000077dc0038 5 bytes JMP 0000000173771ea1
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2032] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779                                                                             00000000770ab9f8 4 bytes [96, 25, 77, 73]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                         0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                        0000000075421a22 2 bytes [42, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                        0000000075421ad0 2 bytes [42, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                        0000000075421b08 2 bytes [42, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                        0000000075421bba 2 bytes [42, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                        0000000075421bda 2 bytes [42, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                 0000000077301465 2 bytes [30, 77]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files\OO Software\DiskImage\oodiag.exe[2476] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter                                                                                                           0000000077ab9b80 13 bytes {MOV R11, 0x13f366cf8; JMP R11}
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[4688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                         0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                       0000000077301465 2 bytes [30, 77]
.text    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                        0000000077bc11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                      0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                             0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                             0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                     0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                     0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                    0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                       0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                       0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                           0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                          0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                         0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                 0000000077bc1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                             0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                             0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                  0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                         0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                       0000000077bc27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                        0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                       0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                               0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                               0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                       0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                           0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                           0000000077bc33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                          0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                          0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                              0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                              0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                       0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                 0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                               0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                     0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                   0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                       0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                       0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                     0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                     0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                   00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                   00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                  00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                             00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                             00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                       00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                         00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                       00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1288] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                            00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                             0000000077bc11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                           0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                  0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                  0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                          0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                          0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                         0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                            0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                            0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                               0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                              0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                      0000000077bc1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                  0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                  0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                       0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                              0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                            0000000077bc27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                             0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                            0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                    0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                    0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                            0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                0000000077bc33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                               0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                               0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                   0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                   0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                            0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                      0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                    0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                          0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                        0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                            0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                            0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                          0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                          0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                        00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                        00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                     00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                       00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                  00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                  00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                            00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                              00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                            00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                             0000000077bc11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                           0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                  0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                  0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                          0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                          0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                         0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                            0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                            0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                               0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                              0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                      0000000077bc1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                  0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                  0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                       0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                              0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                            0000000077bc27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                             0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                            0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                    0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                    0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                            0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                0000000077bc33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                               0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                               0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                   0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                   0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                            0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                      0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                    0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                          0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                        0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                            0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                            0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                          0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                          0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                        00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                        00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                     00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                       00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                  00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                  00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                            00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                              00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                            00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                 00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                                 0000000077bc11f5 8 bytes {JMP 0xd}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                               0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                      0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                      0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                              0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                              0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                             0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                                0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                    0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                                   0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                                  0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                          0000000077bc1fd7 8 bytes {JMP 0xb}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                      0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                      0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                           0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                  0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                0000000077bc27d2 8 bytes {JMP 0x10}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                 0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                                0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                        0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                        0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 3
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                                0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                    0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                    0000000077bc33c0 16 bytes {JMP 0x4e}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                   0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                   0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                       0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                       0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                          0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                        0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                              0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                            0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                              0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                              0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                            00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                            00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                         00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                           00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                      00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                      00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                                00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                                  00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                                00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                                     00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                       0000000077301465 2 bytes [30, 77]
.text    C:\Users\X-12\Desktop\Antivir\Defogger.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                      00000000773014bb 2 bytes [30, 77]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                               0000000077bc11f5 8 bytes {JMP 0xd}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                             0000000077bc1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                    0000000077bc143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                    0000000077bc158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                            0000000077bc191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                            0000000077bc1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                           0000000077bc1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                              0000000077bc1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                              0000000077bc1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                  0000000077bc1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                                 0000000077bc1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                                0000000077bc1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                        0000000077bc1fd7 8 bytes {JMP 0xb}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                    0000000077bc2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                    0000000077bc2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                         0000000077bc2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                0000000077bc27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                              0000000077bc27d2 8 bytes {JMP 0x10}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                               0000000077bc282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                              0000000077bc2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                      0000000077bc2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                      0000000077bc2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                            * 3
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                              0000000077bc3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                  0000000077bc323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                  0000000077bc33c0 16 bytes {JMP 0x4e}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                 0000000077bc3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                 0000000077bc3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                     0000000077bc3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                     0000000077bc3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                              0000000077bc4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                        0000000077c11380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                      0000000077c11500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                            0000000077c11530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                          0000000077c11650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                              0000000077c11700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                              0000000077c11d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                            0000000077c11f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                            0000000077c127e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                          00000000756a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                          00000000756a146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                       00000000756a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                         00000000756a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                    00000000756a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                    00000000756a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                              00000000756a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                                00000000756a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                              00000000756a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\X-12\Desktop\Antivir\Gmer-19357.exe[2632] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                                   00000000756a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3484]                                                                                                                                                         00000000761c7587
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3488]                                                                                                                                                         0000000070e97712
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:3520]                                                                                                                                                         0000000077df2e65
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:8132]                                                                                                                                                         0000000077df3e85
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:5160]                                                                                                                                                         0000000077df3e85
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3468:6764]                                                                                                                                                         0000000077df3e85
Thread   C:\Windows\System32\svchost.exe [6272:3296]                                                                                                                                                                                    000007fef88c9688
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\EPSON\EPSON XP-600 Series\Language\0407.E_SJE0AB.DLL (*** suspicious ***) @ C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNJCE.EXE [5636] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2013-05-17 17:19:38)  00000000003c0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk1\DR1                                                                                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         
__________________


Alt 13.02.2014, 15:38   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Hi,

Code:
ATTFilter
 127.0.0.1 activate.adobe.com      
      127.0.0.1 practivate.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 activate.adobe.com:443
      127.0.0.1 3dns.adobe.com
      127.0.0.1 3dns-1.adobe.com
      127.0.0.1 3dns-2.adobe.com
      127.0.0.1 3dns-3.adobe.com
      127.0.0.1 3dns-4.adobe.com
      127.0.0.1 adobeereg.com
      127.0.0.1 www.adobeereg.com
      127.0.0.1 activate.adobe.com
      127.0.0.1 activate-sea.adobe.com
      127.0.0.1 activate-sjc0.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 192.150.18.108
      127.0.0.1 adobe-dns.adobe.com
      127.0.0.1 adobe-dns-1.adobe.com
      127.0.0.1 adobe-dns-2.adobe.com
      127.0.0.1 adobe-dns-3.adobe.com
      127.0.0.1 adobe-dns-4.adobe.com
      127.0.0.1 adobe-dns-5.adobe.com
      127.0.0.1 ereg.wip3.adobe.com
      127.0.0.1 ereg.adobe.com
      127.0.0.1 practivate.adobe.com
      127.0.0.1 wip3.adobe.com
      127.0.0.1 wwis-dubc1-vip60.adobe.com
      127.0.0.1 ntrack.com
      127.0.0.1 hl2rcv.adobe.com
      127.0.0.1 activate.wip3.adobe.com
      127.0.0.1 activate.adobe.de
      127.0.0.1 practivate.adobe.de
      127.0.0.1 ereg.adobe.de
      127.0.0.1 activate.wip3.adobe.de
      127.0.0.1 wip3.adobe.de
      127.0.0.1 3dns-3.adobe.de
      127.0.0.1 3dns-2.adobe.de
      127.0.0.1 adobe-dns.adobe.de
      127.0.0.1 adobe-dns-2.adobe.de
      127.0.0.1 adobe-dns-3.adobe.de
      127.0.0.1 ereg.wip3.adobe.de
      127.0.0.1 activate-sea.adobe.de
      127.0.0.1 wwis-dubc1-vip60.adobe.de
      127.0.0.1 activate-sjc0.adobe.de
      127.0.0.1 hl2rcv.adobe.de
         


Diese Einträge in der Hosts dienen dazu, raubkopierte (gecrackte) Software lauffähig zu machen

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________
__________________

Alt 13.02.2014, 15:59   #4
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Okay,sorry....das Adobe Programm ist jetzt runter.

Hier die aktualisierte FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by X-12 (administrator) on X-12-PC on 13-02-2014 16:54:17
Running from C:\Users\X-12\Desktop\Antivir
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
(Hercules®) C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\cpl2\HDJSeries2CPL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWlan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\X-12\Desktop\Antivir\Defogger.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNJCE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [OODITRAY.EXE] - C:\Program Files\OO Software\DiskImage\ooditray.exe [4986672 2013-09-09] (O&O Software GmbH)
HKLM\...\Run: [Hercules DJ Series TrayAgent] - C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\Run: [Spotify Web Helper] - C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-10] (Spotify Ltd)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\MountPoints2: {606ac54c-bedd-11e2-b707-902b34343b1c} - H:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9971BB55DB52CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IE.PerformancePack - {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Profiles\bpuq7anx.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-12]
FF HKCU\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2013-05-17] (Creative Labs)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-19] ()
R2 RealtekSE; C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe [36864 2010-04-16] (Realtek)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-08-21] ()
R1 archlp; C:\Windows\System32\drivers\archlp.sys [139840 2011-11-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-17] (DT Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
S3 HDJusbaudio; C:\Windows\System32\DRIVERS\HDJusbaudio_x64.sys [425776 2013-05-21] ( Hercules)
S3 HDJusbaudioks; C:\Windows\System32\DRIVERS\HDJusbaudioks_x64.sys [110896 2013-05-21] ( Hercules)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-12] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2014-02-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [64512 2011-11-16] (Microchip Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R0 oodrvled; C:\Windows\System32\DRIVERS\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-11-26] (Audials AG)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 kxldipob; \??\C:\Users\X-12\AppData\Local\Temp\kxldipob.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 15:59 - 2014-02-13 16:51 - 00000000 ____D () C:\Users\X-12\Desktop\Posten
2014-02-13 15:58 - 2014-02-13 16:54 - 00000000 ____D () C:\FRST
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:00 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-13 15:00 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-13 15:00 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-13 15:00 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-13 15:00 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-13 15:00 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-13 15:00 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-13 15:00 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-13 15:00 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-13 14:56 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 14:56 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 14:56 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 14:56 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 14:56 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 14:56 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 14:56 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 14:56 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 14:56 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 14:56 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 14:56 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 14:56 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 14:56 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 14:56 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 14:56 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 14:56 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 14:56 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 14:56 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 14:56 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 14:56 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 14:56 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 14:56 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 14:56 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 14:35 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 14:35 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 14:35 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 14:35 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 14:34 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 14:34 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 14:34 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 14:27 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-13 14:27 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 14:25 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 14:25 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:58 - 2014-02-13 16:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-12 12:58 - 2014-02-12 13:28 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:58 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-12 12:58 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-02-12 12:04 - 2014-02-13 16:54 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-12 12:01 - 2014-02-12 12:51 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-07 12:40 - 2014-02-12 16:06 - 00000948 _____ () C:\Windows\PFRO.log
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:04 - 2014-02-07 12:24 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:47 - 2014-02-11 16:08 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-04 23:04 - 2014-02-13 15:53 - 00001042 _____ () C:\Windows\setupact.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 22:50 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-04 22:50 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-04 22:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-04 22:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-04 22:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-04 22:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-04 22:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-04 22:33 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-04 22:33 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-04 22:33 - 2013-08-21 14:44 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2014-02-04 22:33 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:26 - 2014-02-02 11:52 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-04 22:26 - 2014-01-30 22:17 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-02-04 22:26 - 2014-01-30 15:33 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-02-04 22:26 - 2013-12-22 11:53 - 01670892 _____ () C:\Users\X-12\Downloads\using-ipad-to-control-pangolin_i615.zip
2014-02-04 22:24 - 2014-02-12 16:58 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-04 22:24 - 2014-02-02 15:21 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-04 22:24 - 2014-02-02 15:14 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-04 22:24 - 2014-02-01 14:21 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav

==================== One Month Modified Files and Folders =======

2014-02-13 16:54 - 2014-02-13 15:58 - 00000000 ____D () C:\FRST
2014-02-13 16:54 - 2014-02-12 12:04 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-13 16:51 - 2014-02-13 15:59 - 00000000 ____D () C:\Users\X-12\Desktop\Posten
2014-02-13 16:45 - 2013-07-27 08:44 - 00000000 ____D () C:\Users\X-12\Desktop\Games
2014-02-13 16:43 - 2013-06-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-13 16:20 - 2014-02-12 12:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-13 16:08 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 16:08 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 16:08 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 15:58 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:58 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:57 - 2013-05-17 09:34 - 00000000 ____D () C:\Users\X-12
2014-02-13 15:57 - 2013-05-17 09:33 - 01249380 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 15:53 - 2014-02-04 23:04 - 00001042 _____ () C:\Windows\setupact.log
2014-02-13 15:53 - 2013-05-17 12:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 15:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 15:01 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 15:01 - 2013-05-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 15:00 - 2013-05-17 11:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 14:57 - 2013-06-10 19:39 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 14:56 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 14:42 - 2013-05-17 17:02 - 00000000 ____D () C:\Users\X-12\Documents\Outlook-Dateien
2014-02-13 14:41 - 2013-05-17 16:43 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\vlc
2014-02-13 14:38 - 2013-06-27 16:45 - 00000000 ____D () C:\Users\X-12\AppData\Local\Adobe
2014-02-12 16:58 - 2014-02-04 22:24 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-12 16:06 - 2014-02-07 12:40 - 00000948 _____ () C:\Windows\PFRO.log
2014-02-12 13:28 - 2014-02-12 12:58 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 13:28 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-12 13:28 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:51 - 2014-02-12 12:01 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-11 16:08 - 2014-02-07 11:47 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-08 16:39 - 2013-05-17 17:50 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Audacity
2014-02-08 16:30 - 2013-06-22 09:22 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Spotify
2014-02-08 16:16 - 2013-06-22 09:27 - 00000000 ____D () C:\Users\X-12\AppData\Local\Spotify
2014-02-07 12:42 - 2013-05-18 08:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:24 - 2014-02-07 12:04 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 12:03 - 2013-05-17 18:08 - 00000000 ____D () C:\ProgramData\Origin
2014-02-07 12:02 - 2013-05-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:54 - 2013-05-17 16:36 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 11:19 - 2013-05-29 10:19 - 00000000 ____D () C:\Program Files (x86)\PhotoSync
2014-02-07 11:05 - 2013-05-19 10:09 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-07 10:13 - 2013-05-17 09:34 - 00000000 ___RD () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 13:16 - 2014-02-13 14:56 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 14:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 14:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 14:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 14:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 14:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 14:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 14:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 14:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 14:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 14:56 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 14:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 14:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 14:56 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 14:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 14:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 14:56 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 14:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 14:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 14:56 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 14:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 14:56 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 14:56 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 14:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 14:56 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 14:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 14:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 14:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 14:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 14:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 10:03 - 2013-05-17 11:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 10:03 - 2013-05-17 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 23:07 - 2013-05-17 09:42 - 00089904 _____ () C:\Users\X-12\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 23:07 - 2009-07-14 05:45 - 00350096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 23:04 - 2013-05-17 16:42 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-02-04 23:04 - 2013-05-17 12:26 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-02-04 23:03 - 2013-05-17 16:41 - 00000000 ____D () C:\ProgramData\Logitech
2014-02-04 23:03 - 2013-05-17 12:26 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-02-04 22:57 - 2013-06-27 17:35 - 00000000 ____D () C:\Users\X-12\AppData\Local\Microsoft Game Studios
2014-02-04 22:50 - 2013-05-17 09:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-04 22:44 - 2013-12-27 14:25 - 00000000 ____D () C:\Program Files (x86)\Steuer 2012
2014-02-04 22:43 - 2013-05-20 09:27 - 00000000 ____D () C:\Users\X-12\Documents\ArcSoft
2014-02-04 22:43 - 2013-05-17 17:48 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\ArcSoft
2014-02-04 22:37 - 2013-05-17 17:15 - 00000000 ____D () C:\ProgramData\firebird
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ____D () C:\Users\X-12\AppData\Local\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:48 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:32 - 2013-10-22 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-04 22:32 - 2013-08-07 13:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 22:25 - 2013-09-12 14:53 - 00000000 ____D () C:\Users\X-12\Desktop\Homepage Friesenhof
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-02 15:21 - 2014-02-04 22:24 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-02 15:14 - 2014-02-04 22:24 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-02 11:52 - 2014-02-04 22:26 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-01 14:21 - 2014-02-04 22:24 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav
2014-01-30 22:17 - 2014-02-04 22:26 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-01-30 15:33 - 2014-02-04 22:26 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-01-16 09:59 - 2013-05-17 10:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\X-12\AppData\Local\Temp\A~NSISu_.exe
C:\Users\X-12\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\X-12\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\X-12\AppData\Local\Temp\djuced.exe
C:\Users\X-12\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
C:\Users\X-12\AppData\Local\Temp\jinstaller142_19.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\X-12\AppData\Local\Temp\Quarantine.exe
C:\Users\X-12\AppData\Local\Temp\setup.exe
C:\Users\X-12\AppData\Local\Temp\sonarinst.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\X-12\AppData\Local\Temp\_is9667.exe
C:\Users\X-12\AppData\Local\Temp\_isAE8B.exe
C:\Users\X-12\AppData\Local\Temp\_isD849.exe
C:\Users\X-12\AppData\Local\Temp\_isE3CD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 15:30

==================== End Of Log ============================
         
--- --- ---

Alt 13.02.2014, 17:41   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.02.2014, 20:16   #6
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Bis jetzt ist die Umleitung auf marketpingloui noch vorhanden.

Log nach erstem Scan:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
X-12 :: X-12-PC [administrator]

13.02.2014 20:15:03
mbar-log-2014-02-13 (20-15-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 276859
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837) Good: (hxxp://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST2000DM001-9YN164_S1E09Z48XXXXS1E09Z48&ts=1377346837) Good: (hxxp://www.google.com) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Log nach 2. Scan :

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
X-12 :: X-12-PC [administrator]

13.02.2014 20:31:19
mbar-log-2014-02-13 (20-31-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 276651
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 13.02.2014, 23:18   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.02.2014, 08:34   #8
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Adwcleaner :

Code:
ATTFilter
# AdwCleaner v3.018 - Bericht erstellt am 14/02/2014 um 09:14:20
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : X-12 - X-12-PC
# Gestartet von : C:\Users\X-12\Desktop\Antivir\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\LyriXeeker

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Profiles\bpuq7anx.default\prefs.js ]


*************************

AdwCleaner[R2].txt - [1116 octets] - [14/02/2014 09:13:01]
AdwCleaner[S1].txt - [1036 octets] - [14/02/2014 09:14:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1096 octets] ##########
         
JRT :

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by X-12 on 14.02.2014 at  9:17:46,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.02.2014 at  9:22:08,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST :


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by X-12 (administrator) on X-12-PC on 14-02-2014 09:29:39
Running from C:\Users\X-12\Desktop\Antivir
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtWlan.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\ooditray.exe
(Hercules®) C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\cpl2\HDJSeries2CPL.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-03] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [OODITRAY.EXE] - C:\Program Files\OO Software\DiskImage\ooditray.exe [4986672 2013-09-09] (O&O Software GmbH)
HKLM\...\Run: [Hercules DJ Series TrayAgent] - C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe [3572048 2013-05-10] (Hercules®)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-17] (Microsoft Corporation)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\Run: [Spotify Web Helper] - C:\Users\X-12\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-10] (Spotify Ltd)
HKU\S-1-5-21-3062806104-2644068550-1530919491-1000\...\MountPoints2: {606ac54c-bedd-11e2-b707-902b34343b1c} - H:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9971BB55DB52CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IE.PerformancePack - {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Profiles\bpuq7anx.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-12]
FF HKCU\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF Extension: Total Browser Security - C:\Users\X-12\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate [2013-05-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2013-05-17] (Creative Labs)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [6258480 2013-09-09] (O&O Software GmbH)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-19] ()
R2 RealtekSE; C:\Program Files (x86)\Edimax\PCIe Wireless LAN\RtlService.exe [36864 2010-04-16] (Realtek)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-08-21] ()
R1 archlp; C:\Windows\System32\drivers\archlp.sys [139840 2011-11-18] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-17] (DT Soft Ltd)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\SysWOW64\Drivers\ElbyDelay.sys [14032 2007-02-16] (Elaborate Bytes AG)
S3 HDJusbaudio; C:\Windows\System32\DRIVERS\HDJusbaudio_x64.sys [425776 2013-05-21] ( Hercules)
S3 HDJusbaudioks; C:\Windows\System32\DRIVERS\HDJusbaudioks_x64.sys [110896 2013-05-21] ( Hercules)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-12] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2014-02-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-12] (Kaspersky Lab ZAO)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [64512 2011-11-16] (Microchip Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116936 2013-09-09] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41160 2013-09-09] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255688 2013-09-09] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44744 2013-09-09] (O&O Software GmbH)
R0 oodrvled; C:\Windows\System32\DRIVERS\oodrvled.sys [30800 2011-03-02] (O&O Software GmbH)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-11-26] (Audials AG)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 09:22 - 2014-02-14 09:22 - 00000694 _____ () C:\Users\X-12\Desktop\JRT.txt
2014-02-14 09:17 - 2014-02-14 09:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 09:12 - 2014-02-14 09:14 - 00000000 ____D () C:\AdwCleaner
2014-02-13 20:15 - 2014-02-13 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 20:15 - 2014-02-13 20:31 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-13 20:15 - 2014-02-13 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 20:13 - 2014-02-13 20:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-13 16:54 - 2014-02-14 09:25 - 00053498 _____ () C:\Users\X-12\Desktop\FRST.txt
2014-02-13 15:59 - 2014-02-13 16:51 - 00000000 ____D () C:\Users\X-12\Desktop\Posten
2014-02-13 15:58 - 2014-02-14 09:29 - 00000000 ____D () C:\FRST
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:00 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-13 15:00 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-13 15:00 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-13 15:00 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-13 15:00 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-13 15:00 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-13 15:00 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-13 15:00 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-13 15:00 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-13 15:00 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-13 15:00 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-13 15:00 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-13 15:00 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-13 14:56 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 14:56 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 14:56 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 14:56 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 14:56 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 14:56 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 14:56 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 14:56 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 14:56 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 14:56 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 14:56 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 14:56 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 14:56 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 14:56 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 14:56 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 14:56 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 14:56 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 14:56 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 14:56 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 14:56 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 14:56 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 14:56 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 14:56 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 14:56 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 14:56 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 14:56 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 14:56 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 14:56 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 14:56 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 14:56 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 14:56 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 14:35 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 14:35 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 14:35 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 14:35 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 14:34 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 14:34 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 14:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 14:34 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 14:34 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 14:34 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 14:27 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-13 14:27 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 14:26 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 14:25 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 14:25 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:58 - 2014-02-14 09:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-12 12:58 - 2014-02-12 13:28 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:58 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-02-12 12:58 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-02-12 12:04 - 2014-02-14 09:29 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-12 12:01 - 2014-02-12 12:51 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-07 12:40 - 2014-02-13 20:07 - 00001322 _____ () C:\Windows\PFRO.log
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:04 - 2014-02-07 12:24 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:47 - 2014-02-11 16:08 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-04 23:04 - 2014-02-14 09:27 - 00001322 _____ () C:\Windows\setupact.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 22:50 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-04 22:50 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-04 22:50 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-04 22:43 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-04 22:43 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-04 22:42 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-04 22:42 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-04 22:42 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-04 22:33 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-04 22:33 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-04 22:33 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-04 22:33 - 2013-08-21 14:44 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2014-02-04 22:33 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:26 - 2014-02-02 11:52 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-04 22:26 - 2014-01-30 22:17 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-02-04 22:26 - 2014-01-30 15:33 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-02-04 22:26 - 2013-12-22 11:53 - 01670892 _____ () C:\Users\X-12\Downloads\using-ipad-to-control-pangolin_i615.zip
2014-02-04 22:24 - 2014-02-12 16:58 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-04 22:24 - 2014-02-02 15:21 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-04 22:24 - 2014-02-02 15:14 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-04 22:24 - 2014-02-01 14:21 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav

==================== One Month Modified Files and Folders =======

2014-02-14 09:29 - 2014-02-13 15:58 - 00000000 ____D () C:\FRST
2014-02-14 09:29 - 2014-02-12 12:04 - 00000000 ____D () C:\Users\X-12\Desktop\Antivir
2014-02-14 09:27 - 2014-02-12 12:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-14 09:27 - 2014-02-04 23:04 - 00001322 _____ () C:\Windows\setupact.log
2014-02-14 09:27 - 2013-05-17 12:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-14 09:27 - 2013-05-17 09:33 - 01268625 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 09:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 09:25 - 2014-02-13 16:54 - 00053498 _____ () C:\Users\X-12\Desktop\FRST.txt
2014-02-14 09:22 - 2014-02-14 09:22 - 00000694 _____ () C:\Users\X-12\Desktop\JRT.txt
2014-02-14 09:22 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 09:22 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 09:22 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 09:22 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 09:22 - 2009-07-14 05:45 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 09:17 - 2014-02-14 09:17 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 09:14 - 2014-02-14 09:12 - 00000000 ____D () C:\AdwCleaner
2014-02-14 09:12 - 2013-06-27 16:45 - 00000000 ____D () C:\Users\X-12\AppData\Local\Adobe
2014-02-13 21:14 - 2014-02-13 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 20:31 - 2014-02-13 20:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-13 20:31 - 2014-02-13 20:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-13 20:15 - 2014-02-13 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 20:07 - 2014-02-07 12:40 - 00001322 _____ () C:\Windows\PFRO.log
2014-02-13 20:07 - 2009-07-14 05:45 - 00349376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 17:08 - 2013-05-17 17:02 - 00000000 ____D () C:\Users\X-12\Documents\Outlook-Dateien
2014-02-13 17:08 - 2013-05-17 09:42 - 00089136 _____ () C:\Users\X-12\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 17:00 - 2013-07-27 08:44 - 00000000 ____D () C:\Users\X-12\Desktop\Games
2014-02-13 16:51 - 2014-02-13 15:59 - 00000000 ____D () C:\Users\X-12\Desktop\Posten
2014-02-13 16:43 - 2013-06-27 16:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-13 15:57 - 2014-02-13 15:57 - 00000168 _____ () C:\Users\X-12\defogger_reenable
2014-02-13 15:57 - 2013-05-17 09:34 - 00000000 ____D () C:\Users\X-12
2014-02-13 15:01 - 2013-08-15 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 15:01 - 2013-05-17 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 15:00 - 2013-05-17 11:56 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 14:57 - 2013-06-10 19:39 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 14:56 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 14:41 - 2013-05-17 16:43 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\vlc
2014-02-12 16:58 - 2014-02-04 22:24 - 00000000 ____D () C:\Users\X-12\Desktop\Anita
2014-02-12 13:28 - 2014-02-12 12:58 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-02-12 13:28 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-02-12 13:28 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-02-12 12:58 - 2014-02-12 12:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-12 12:51 - 2014-02-12 12:01 - 257813336 _____ () C:\Users\X-12\Downloads\kis14.0.0.4651de-de.exe
2014-02-11 16:08 - 2014-02-07 11:47 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Lichtgeräte
2014-02-08 16:39 - 2014-02-08 16:39 - 30246820 _____ () C:\Users\X-12\Desktop\Karneval2014 Intro.wav
2014-02-08 16:39 - 2013-05-17 17:50 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Audacity
2014-02-08 16:30 - 2013-06-22 09:22 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Spotify
2014-02-08 16:16 - 2013-06-22 09:27 - 00000000 ____D () C:\Users\X-12\AppData\Local\Spotify
2014-02-07 12:42 - 2013-05-18 08:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-07 12:25 - 2014-02-07 12:25 - 00000000 ____D () C:\Users\X-12\Desktop\Anleitungen Sound
2014-02-07 12:24 - 2014-02-07 12:04 - 00000264 _____ () C:\Users\X-12\Desktop\Stromverbrauch Büdchen.txt
2014-02-07 12:03 - 2013-05-17 18:08 - 00000000 ____D () C:\ProgramData\Origin
2014-02-07 12:02 - 2013-05-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-02-07 11:55 - 2014-02-07 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-07 11:54 - 2013-05-17 16:36 - 00000000 ____D () C:\ProgramData\Apple
2014-02-07 11:19 - 2013-05-29 10:19 - 00000000 ____D () C:\Program Files (x86)\PhotoSync
2014-02-07 11:05 - 2013-05-19 10:09 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-07 10:13 - 2013-05-17 09:34 - 00000000 ___RD () C:\Users\X-12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 13:16 - 2014-02-13 14:56 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 14:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 14:56 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 14:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 14:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 14:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 14:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 14:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 14:56 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 14:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 14:56 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 14:56 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 14:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 14:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 14:56 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 14:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 14:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 14:56 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 14:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 14:56 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 14:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 14:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 14:56 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 14:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 14:56 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 14:56 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 14:56 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 14:56 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 14:56 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 14:56 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 14:56 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 14:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 14:56 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 14:56 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 10:03 - 2013-05-17 11:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 10:03 - 2013-05-17 11:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 23:04 - 2014-02-04 23:04 - 00020036 _____ () C:\Windows\LDPINST.LOG
2014-02-04 23:04 - 2014-02-04 23:04 - 00000964 _____ () C:\Windows\LkmdfCoInst.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\X-12\AppData\Local\Logishrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 ____D () C:\Users\Public\Documents\LogiShrd
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 23:04 - 2013-05-17 16:42 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-02-04 23:04 - 2013-05-17 12:26 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-02-04 23:03 - 2013-05-17 16:41 - 00000000 ____D () C:\ProgramData\Logitech
2014-02-04 23:03 - 2013-05-17 12:26 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-02-04 22:57 - 2013-06-27 17:35 - 00000000 ____D () C:\Users\X-12\AppData\Local\Microsoft Game Studios
2014-02-04 22:50 - 2013-05-17 09:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-04 22:44 - 2013-12-27 14:25 - 00000000 ____D () C:\Program Files (x86)\Steuer 2012
2014-02-04 22:43 - 2013-05-20 09:27 - 00000000 ____D () C:\Users\X-12\Documents\ArcSoft
2014-02-04 22:43 - 2013-05-17 17:48 - 00000000 ____D () C:\Users\X-12\AppData\Roaming\ArcSoft
2014-02-04 22:37 - 2013-05-17 17:15 - 00000000 ____D () C:\ProgramData\firebird
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:49 - 00000000 ____D () C:\Users\X-12\AppData\Local\ArcSoft
2014-02-04 22:33 - 2013-05-17 17:48 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-02-04 22:32 - 2014-02-04 22:32 - 00000000 ____D () C:\Users\X-12\AppData\Local\Downloaded Installations
2014-02-04 22:32 - 2013-10-22 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-04 22:32 - 2013-08-07 13:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 22:25 - 2013-09-12 14:53 - 00000000 ____D () C:\Users\X-12\Desktop\Homepage Friesenhof
2014-02-04 22:24 - 2014-02-04 22:24 - 00000000 ___SH () C:\Windows\S607C9546.tmp
2014-02-02 15:21 - 2014-02-04 22:24 - 01090604 _____ () C:\Users\X-12\Desktop\Schlumpf.wav
2014-02-02 15:14 - 2014-02-04 22:24 - 03262508 _____ () C:\Users\X-12\Desktop\Keine Ahnung.wav
2014-02-02 11:52 - 2014-02-04 22:26 - 00361179 _____ () C:\Users\X-12\Downloads\OOLiveUpdate64bit_5042.zip
2014-02-01 14:21 - 2014-02-04 22:24 - 27631248 _____ () C:\Users\X-12\Desktop\Karneval2014.wav
2014-01-30 22:17 - 2014-02-04 22:26 - 104071200 _____ (ArcSoft ) C:\Users\X-12\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-01-30 15:33 - 2014-02-04 22:26 - 18058432 _____ () C:\Users\X-12\Downloads\DMXControl_2.12.1_Setup.exe
2014-01-16 09:59 - 2013-05-17 10:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\X-12\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\X-12\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\X-12\AppData\Local\Temp\djuced.exe
C:\Users\X-12\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
C:\Users\X-12\AppData\Local\Temp\jinstaller142_19.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\X-12\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\X-12\AppData\Local\Temp\Quarantine.exe
C:\Users\X-12\AppData\Local\Temp\setup.exe
C:\Users\X-12\AppData\Local\Temp\sonarinst.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\X-12\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\X-12\AppData\Local\Temp\_is9667.exe
C:\Users\X-12\AppData\Local\Temp\_isAE8B.exe
C:\Users\X-12\AppData\Local\Temp\_isD849.exe
C:\Users\X-12\AppData\Local\Temp\_isE3CD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 15:30

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by X-12 at 2014-02-14 09:29:59
Running from C:\Users\X-12\Desktop\Antivir
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
A Vampyre Story (x32 Version:  - )
Acronis*Disk*Director*11*Home (x32 Version: 11.0.2343 - Acronis)
Adobe Creative Cloud (x32 Version: 2.1.1.220 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.0.1.108 (x32 Version: 2.0.1.108 - Advanced Fix, Inc.)
Advanced Renamer (x32 Version: 3.59 - Hulubulu Software)
Age of Empires II: HD Edition (x32 Version:  - Hidden Path Entertainment, Ensemble Studios)
Alan Wake (x32 Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (x32 Version:  - Remedy Entertainment)
Anleitung für Epson Connect (x32 Version:  - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 7 (x32 Version: 7.1.0.98 - ArcSoft)
ArcSoft TotalMedia Theatre 3 (x32 Version: 3.0.1.120 - ArcSoft) Hidden
ArcSoft TotalMedia Theatre 3 (x32 Version: 3.0.1.195 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.5.1.150 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.5.1.150 - ArcSoft) Hidden
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
Audials (x32 Version: 11.0.48200.0 - Audials AG)
Battlefield 3™ (x32 Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.0 - EA Digital Illusions CE AB)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock 2 (x32 Version: 1.00.0000 - 2K Games)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CloneDVD2 (x32 Version:  - Elaborate Bytes)
Company of Heroes 2 (x32 Version:  - Relic Entertainment)
Creative Audio-Systemsteuerung (x32 Version: 2.00 - Creative Technology Limited)
Creative Konsole Starter (x32 Version:  - )
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version:  - )
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
DDL und DTS Connect-Lizenzaktivierung (x32 Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Deus Ex: Human Revolution (x32 Version:  - Eidos Montreal)
Dolby Digital Live Pack (x32 Version:  - )
Download Navigator (x32 Version: 3.4.2 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON XP-600 Series (Version:  - SEIKO EPSON Corporation)
DTS Connect Pack (x32 Version:  - )
DVDFab 9.0.1.6 (14/12/2012) Qt (x32 Version:  - Fengtao Software Inc.)
Edimax Wireless LAN Driver and Utility (x32 Version: 1.00.0184 - Edimax Technology Co.)
Epson Benutzerhandbuch XP-600 Series (x32 Version:  - )
Epson Event Manager (x32 Version: 3.01.0005 - Seiko Epson Corporation)
Epson Netzwerkhandbuch XP-600 Series (x32 Version:  - )
EPSON Printer Finder (x32 Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EpsonNet Print (x32 Version: 2.6.0 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
HandBrake 0.9.9 (x32 Version: 0.9.9 - )
Hercules DJ Products Series drivers (x32 Version: 2.HDJS.2013 - Hercules)
ID3-TagIT 3 (x32 Version: 3 - Michael Pluemper)
Image Data Converter (x32 Version: 4.2.02.10112 - Sony Corporation)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Logitech Solar App 1.10 (Version: 1.10.3 - Logitech)
marvell 91xx driver (x32 Version: 1.2.0.1010 - Marvell)
Metro Last Light Update 3 Plus limited First Edition DLCs 1.00 (x32 Version: 1.00 - .x.X.RIDDICK.X.x.)
Metro: Last Light (c) Deep Silver version 1 (x32 Version: 1 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5.1 (Version: 1.5.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 6.4.23 (Version: 6.4.23 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 6.4.23 - NVIDIA Corporation) Hidden
O&O DiskImage Professional (Version: 7.81.6 - O&O Software GmbH)
O&O DiskRecovery (Version: 8.0.335 - O&O Software GmbH)
O&O DriveLED Professional (Version: 4.2.157 - O&O Software GmbH)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001 - GIGABYTE)
OpenAL (x32 Version:  - )
OpenTTD 1.3.2 (x32 Version: 1.3.2 - OpenTTD)
Origin (x32 Version: 9.1.15.109 - Electronic Arts, Inc.)
PhoneBrowse 2.0.3 (x32 Version: 2.0.3 - iMobie Inc.)
PhotoSync (Version: 2.1.2 - touchbyte GmbH)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Simple Shutdown Timer (x32 Version: 1.1.2 - PcWinTech.com)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165 - Sony)
Sony RAW Driver (x32 Version: 2.0.00.08130 - Sony Corporation)
SoundFont-Bank-Manager (x32 Version:  - )
Splinter Cell Pandora Tomorrow (x32 Version: 1.00.000 - )
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
StarCraft II (x32 Version:  - Blizzard Entertainment)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Steuer 2012 (x32 Version: 20.00.8137 - Buhl Data Service GmbH)
SumatraPDF (x32 Version: 2.4 - Krzysztof Kowalczyk)
THX-Einrichtungskonsole (x32 Version:  - )
UnLock Root 3.1.3 (x32 Version: 3.1.3 - Unlcokroot)
UnLock Root Pro 3.41 (x32 Version: 3.41 - Unlcokroot)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.1 (x32 Version: 2.1.1 - VideoLAN)
Winamp (x32 Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-13 16:49 - 00000834 ____A C:\Windows\system32\Drivers\etc\hosts
  
    

==================== Scheduled Tasks (whitelisted) =============

Task: {095AA1BD-66BC-4E56-AEA5-95FB39F11898} - System32\Tasks\{49F7F33A-3453-41AE-9D6D-5218B2054F09} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {172280B1-900C-4710-AD46-6FC4740D5960} - System32\Tasks\{F151AB69-7C49-4DDA-ACBA-EC9674525E36} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {174584AC-7BA2-40AA-B96F-5E1B1ECDB8DC} - System32\Tasks\{A3299292-A33E-41CA-A5C5-D087FD6CE5F9} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {1F2F3351-0E18-452D-8905-132765E3C1CA} - System32\Tasks\{D8FCFFC0-2CCA-4A89-A4DE-899311F4FF09} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {25EB042B-3A77-4057-B32D-8082DC3362B4} - System32\Tasks\{28A60DDB-95F1-4684-AFDB-2E3FCF5645DC} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {2E00A0C4-97C0-466E-ACB4-D935FA48A38E} - System32\Tasks\{832B11BC-E0AC-4D3A-9A3D-F4DCCC2E7D1F} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {3764DC09-1C69-4812-A716-F1FBB33FA730} - System32\Tasks\{A8C447FA-016F-4F3C-BE25-379CCDADEC29} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {3EF294AF-96D9-4436-87DF-61546D02FB53} - System32\Tasks\{3C52D359-4107-45D4-9314-C0B7E4DB1D5C} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {501F3619-5F1F-42FF-A793-2A99E410A5C7} - System32\Tasks\{C83304AD-9627-4225-A287-7EE65BAE9CA6} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {58843666-8584-411F-ADE7-14B9E18FF2EA} - System32\Tasks\{D7464779-F5B8-4D63-B260-741498016A87} => C:\Program Files (x86)\Syncios\Syncios.exe
Task: {5B6A0D35-6552-4405-9DC6-AA78E656F2F5} - System32\Tasks\{4D5CD932-6887-4CA1-A362-3B49AF5488FC} => C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe [2004-02-24] ()
Task: {770CA5B8-9260-4681-8C43-03B611943DB0} - System32\Tasks\{ED793F9F-89AD-483A-96A4-FE4FCCA0D777} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {919B1150-9DA4-496A-B7B4-16FAE1C802DA} - System32\Tasks\{C650B9EE-5930-43A2-96CA-9CFFCA0B1F32} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {A4BF9911-61C6-44FA-BDB0-5617EB284345} - System32\Tasks\{F4392386-C87D-4EFB-93E6-3DB93E157B28} => C:\Program Files (x86)\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe
Task: {B60681D7-E131-45D9-B54D-DFF814A496A7} - System32\Tasks\AdobeAAMUpdater-1.0-X-12-PC-X-12 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {E96AAC9F-95A4-4C48-BFA7-641860693DF6} - System32\Tasks\{B28C42DD-BBAF-4A39-AE96-80C391293FF6} => C:\Program Files (x86)\Syncios\Syncios.exe

==================== Loaded Modules (whitelisted) =============

2013-08-16 23:32 - 2013-08-16 23:32 - 03357040 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-09 16:35 - 2013-09-09 16:35 - 00344880 _____ () C:\Program Files\OO Software\DiskImage\oodishrs.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-09 16:35 - 2013-09-09 16:35 - 00537904 _____ () C:\Program Files\OO Software\DiskImage\ooditrrs.dll
2013-09-09 16:36 - 2013-09-09 16:36 - 00069936 _____ () C:\Program Files\OO Software\DiskImage\oodiagpsx64.dll
2013-05-17 09:39 - 2012-01-12 14:21 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-17 09:39 - 2012-01-12 14:21 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-08-16 23:32 - 2013-08-16 23:32 - 04578672 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-18 18:03 - 2013-06-19 09:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-17 09:44 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Edimax\PCIe Wireless LAN\EnumDevLib.dll
2011-11-15 17:44 - 2011-11-15 17:44 - 02155848 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2013-08-19 21:12 - 2013-08-19 21:12 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-08-16 23:32 - 2013-08-16 23:32 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2014-02-13 20:24 - 2014-02-13 20:24 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2013-05-17 09:39 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-17 09:38 - 2011-12-16 09:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.027
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-24 00:30:53.011
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-22 12:12:38.973
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 16345.82 MB
Available physical RAM: 14108.13 MB
Total Pagefile: 32689.82 MB
Available Pagefile: 30016.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.35 GB) (Free:14.24 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:237.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B7C01430)
Partition 2: (Active) - (Size=-198635159552) - (Type=05)

========================================================
Disk: 1 (Size: 224 GB) (Disk ID: DA8015DC)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================
         

Alt 14.02.2014, 09:23   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.02.2014, 19:24   #10
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



AnitMalware log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
X-12 :: X-12-PC [Administrator]

14.02.2014 17:35:36
MBAM-log-2014-02-14 (17-38-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248812
Laufzeit: 2 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\X-12\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\X-12\AppData\Local\Temp\is1177715538\172867_Setup.EXE (PUP.Optional.LyricXeeker.A) -> Keine Aktion durchgeführt.
C:\User Data\Default\Extensions\newtab.crx (PUP.Optional.Elex.A) -> Keine Aktion durchgeführt.

(Ende)
         
Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b4a84b89182f54c9e2af9f053056c2f
# engine=17078
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-14 07:03:22
# local_time=2014-02-14 08:03:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 41320 144034452 0 0
# scanned=336769
# found=17
# cleaned=0
# scan_time=7685
sh=8ED83B4379C74ACA317D171ACAAFFC5D35C3DD71 ft=1 fh=504587a7fa6a6961 vn="a variant of Win32/RegistryNuke application" ac=I fn="C:\Program Files (x86)\Advanced Fix 2013\AdvancedFix.exe"
sh=00CB3402BBA3EE61B53F3A2EAA81B021BAE00B4D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\03ZBS1MQ\firstload_com[1].htm"
sh=5026ACE7FEEEA8B63669367DB6F8C6B522467EBC ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\03ZBS1MQ\firstload_com[2].htm"
sh=185F5B550D83FD0D4302024BB4EDD75CB51E04E6 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EV67XKE\firstload_com[1].htm"
sh=C10FBD2266B3F43E88E1D8E440E6C13CD3A98075 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0EV67XKE\firstload_com[2].htm"
sh=ABC65F6EFD637498097D8D33F2004A881C35FA9B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2UT3ARWR\firstload_com[1].htm"
sh=214BF5F9457C418851CDF33193B1DB57BED349D1 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6M2ZY3YU\firstload_com[1].htm"
sh=A7499A85BE2A44F28A11C84B5EA2639E45B6E9AE ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9XI350B3\firstload_com[1].htm"
sh=75DD4AC752B0EA257452D53FDEFBD853CACAB8C0 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KUCFN9FX\firstload_com[1].htm"
sh=1932D14F12AF08E879205FF246F7D6200D6D813B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUIWOZ8C\firstload_com[1].htm"
sh=AD25F42DEC122E6BE9ED5B6E6A34F26C1B13891C ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUIWOZ8C\firstload_com[2].htm"
sh=E8AFFDAF48C02AF647CABE11649DC1C97563B0B3 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XBBN8M2O\firstload_com[1].htm"
sh=5825C0969DAD555680B1FFB07040CDA764808545 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z6YF5K1N\firstload_com[1].htm"
sh=5571FB4E01942C5F8D7A30544597845CE7CE6A68 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z6YF5K1N\firstload_com[2].htm"
sh=4605A81B35A0DB24108DB898E6C62E3CD7EEC843 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQWBFNIW\firstload_com[1].htm"
sh=1932D14F12AF08E879205FF246F7D6200D6D813B ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\X-12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQWBFNIW\firstload_com[3].htm"
sh=09C59868AAFA15C0AF2F9A138437088BFC04388F ft=1 fh=e0c447245419e0f7 vn="a variant of Win32/RegistryNuke application" ac=I fn="C:\Users\X-12\Downloads\Windows7 64 Programme\AdvancedFix_Setup.exe"
         

Geändert von Westwest75 (14.02.2014 um 19:34 Uhr)

Alt 15.02.2014, 14:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\Advanced Fix 2013
C:\Users\X-12\Downloads\Windows7 64 Programme\AdvancedFix_Setup.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.02.2014, 19:53   #12
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by X-12 at 2014-02-15 20:51:54 Run:1
Running from C:\Users\X-12\Desktop\Antivir
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Advanced Fix 2013
C:\Users\X-12\Downloads\Windows7 64 Programme\AdvancedFix_Setup.exe
*****************

C:\Program Files (x86)\Advanced Fix 2013 => Moved successfully.
C:\Users\X-12\Downloads\Windows7 64 Programme\AdvancedFix_Setup.exe => Moved successfully.

==== End of Fixlog ====
         

Alt 16.02.2014, 20:50   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.02.2014, 17:47   #14
Westwest75
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Hallo Cosinus, ertsmal vielen Dank für die Hilfe bisher!

Ich habe den TFC laufen lassen. Danach n Neustart.

Sobald ich auf Amazon.de gehe kommt nach ca. 3-4 Sekunden die Weiterleitung auf marketpingloui.com.

Das passiert jetzt nur noch ausschliesslich auf der Amazon.de Website.

Das Kaspersky meldet bei anderen Websites, die ich aufrufe folgende Meldung :

Code:
ATTFilter
Aufgabe wurde gestartet	Web-Anti-Virus	Heute, 18:31
Gefährliche URL-Adresse wurde gesperrt	hxxp://marketpingloui.com/MUpdate/VersionRequest.ashx?codename=s10&version=5&uid=395e6c12-6aad-4ba1-801e-28a720ccafb2&country=Germany&browser=IE	Schädlicher Link	Der Link wurde in der Datenbank für schädliche Adressen gefunden	Heute, 18:34
         
und schafft es, die Weiterleitung auf marketpingloui.com zu unterbinden, jedoch nicht bei Amazon.de.

Ich würde gerne diese Pest komplett ausmerzen , sodass das Kaspersky erst gar nicht mehr
darauf zu reagieren braucht.

Alt 17.02.2014, 20:36   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Standard

Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um



Erstell dir mal ein neues Profil und teste => Firefox-Profile erstellen und löschen | Hilfe zu Firefox
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um
adobe, blockiert, bonjour, browser security, desktop, ebanking, explorer, hijack.startpage, homepage, html/scrinject.b.gen, icreinstall, internet, internet explorer, kis, launch, mozilla, msiinstaller, pup.optional.elex.a, pup.optional.installcore, pup.optional.lyricxeeker.a, registry, scan, services.exe, software, spotify web helper, system, temp, windows, winlogon.exe



Ähnliche Themen: Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um


  1. Windows 7 - Internet leitet zu Viren-Page um
    Log-Analyse und Auswertung - 09.09.2014 (9)
  2. Windows 8: Internet leitet auf andere Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 03.08.2014 (1)
  3. Windows 7 Internet Explorer langsam Internet Explorer reagiert lahm oder gar nicht
    Log-Analyse und Auswertung - 28.05.2014 (15)
  4. Windows 7, Browser leitet immer wieder auf falsche Java Seite um
    Log-Analyse und Auswertung - 27.05.2014 (9)
  5. Windows 7: Firefox leitet immer auf vermeintliche Updateseite um
    Plagegeister aller Art und deren Bekämpfung - 22.12.2013 (21)
  6. Windows XP: Internet Explorer öffnet sich immer wieder selbstständig
    Log-Analyse und Auswertung - 29.08.2013 (7)
  7. Internet Explorer leitet falsch weiter -> seit Delta Search
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (9)
  8. Internet Explorer leitet mich immer auf andere Seiten um, Trojaner gefunden
    Log-Analyse und Auswertung - 06.12.2011 (10)
  9. C:\Program Files\Internet Explorer\1906\8AE.exe und bds/gbot.gatk Browser leitet auf andere Seiten
    Log-Analyse und Auswertung - 10.11.2011 (37)
  10. Internet Explorer leitet auf mir unbekannte Seiten um
    Log-Analyse und Auswertung - 13.05.2011 (30)
  11. Internet Explorer: Google leitet auf falsche Seiten um - Nach Malwarebytes Scan neues Problem
    Plagegeister aller Art und deren Bekämpfung - 08.04.2011 (11)
  12. svchost.exe / Internet Explorer/Google leitet um
    Log-Analyse und Auswertung - 25.02.2011 (7)
  13. Internet Explorer öffnet russische Seiten und Windows dienste werden immer beendet
    Log-Analyse und Auswertung - 08.01.2011 (37)
  14. Windows neuinstalliert, internet explorer öffnet sich immer noch selbsständig
    Plagegeister aller Art und deren Bekämpfung - 20.07.2010 (0)
  15. Internet Explorer leitet auf every-game.de etc. um und ist langsam
    Plagegeister aller Art und deren Bekämpfung - 05.08.2007 (6)
  16. Internet Explorer: Google leitet auf falsche Seiten um.
    Log-Analyse und Auswertung - 12.06.2007 (3)
  17. Internet Explorer stürzt immer ab
    Log-Analyse und Auswertung - 05.10.2004 (1)

Zum Thema Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um - Hallo, seit 3 Tagen ca. leitet mein Internetexplorer andauernd auf die Seite "marketpingloui.com" um. Im Detail : hxxp://marketpingloui.com/MRoute/amazon als Beispiel, wenn man sich vorher auf Amazon befand. Kaspersky Antivirus meldet - Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um...
Archiv
Du betrachtest: Windows 7 64 Prof : Internet Explorer leitet immer auf marketpingloui.com um auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.