Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.03.2014, 17:27   #1
Vessel
 
loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



Seit einem Usenet.nl download gestern abend taucht immer wieder ein Fenster auf, das besagt, dass diese Version der Datei nicht mit der ausgeführten Windowsversion kompatibel ist.
Das Programm kann wohl nicht starten und damit auch keinen Schaden anrichten.


Es liegt unter c:\users.....\appdata\roaming

Allerdings erscheint es nach jedem Löschen wieder neu und erzählzt die gleiche Geschichte wie oben beschrieben.



Gesichert ist mein System mit Trend Micro Titanium Maximun Security (kein Fund angezeigt)
Habe bereits MalwareBytes über die Platte laufen lassen, keine Threads...

Meine Frage ist jetzt, wo sich die Quelldatei versteckt, die die loadit.exe immer wieder re-animiert.
Hier die notwendigen Logs:
FRST.LOG
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Marten (ATTENTION: The logged in user is not administrator) on DRACONIS7 on 04-03-2014 18:06:32
Running from C:\Users\Marten\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Spotify Ltd) C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell) C:\Users\Marten\AppData\Local\Apps\2.0\NK0CTZP8.AGW\6OK15EXD.KCA\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\    Extreme Torture  Tits Needles Torture 3.exe
(Dropbox, Inc.) C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [326760 2011-05-21] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [2080768 2009-08-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF6 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [451072 2013-12-05] (IVT Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\RunOnce: [DCERegBootClean64] - C:\Windows\RegBootClean64.exe [238128 2014-03-03] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Spotify Web Helper] - C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DellSystemDetect] - C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Facebook Update] - C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-27] (Facebook Inc.)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {780920ab-3310-11e3-b9e8-001c23543895} - H:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\    Extreme Torture  Tits Needles Torture 3.exe ()
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG4200 series Printer.lnk
ShortcutTarget: Canon IJ Status Monitor Canon MG4200 series Printer.lnk -> C:\Users\Marten\CNMSSC~1.DLL,SMStarterEntryPoint CNBJNP_180CACF31932;Canon MG4200 series Printer;cnmss Canon MG4200 series Printer (Local).dll;Canon IJ Status Monitor Canon MG4200 series Printer.lnk (No File)
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67E81BD1A27DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43984D79-143C-4611-A099-09FB894FA2AE}: [NameServer]85.214.20.141,213.73.91.35

FireFox:
========
FF ProfilePath: C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Marten\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: Garmin Communicator - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-26]
FF Extension: EPUBReader - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-03-01]
FF Extension: DownloadHelper - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-27]
FF Extension: Ghostery - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\firefox@ghostery.com.xpi [2014-02-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Marten\AppData\Roaming\Mozilla\Firefox\Profiles\1kn422b3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-27]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com
FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked
FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21]

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-09-19]
CHR Extension: (TrendMicro Toolbar) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-09-19]
CHR Extension: (Ghostery) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-27]
CHR Extension: (Google Wallet) - C:\Users\Marten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2013-12-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Marten\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-20]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-07-10]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3214216 2013-12-06] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2013-12-05] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [266752 2013-12-04] (IVT Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 TorchCrashHandler; C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205760 2013-12-21] (TorchMedia Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-10] (DT Soft Ltd)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R1 NvtSp50; C:\Windows\System32\DRIVERS\NvtSp50.sys [27648 2008-06-10] (Printing Novatel Wireless Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 18:06 - 2014-03-04 18:07 - 00024538 _____ () C:\Users\Marten\Downloads\FRST.txt
2014-03-04 18:06 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST
2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe
2014-03-03 22:39 - 2014-03-03 23:10 - 00024088 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe
2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 22:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb
2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb
2014-03-03 22:10 - 2014-03-03 22:39 - 00004056 _____ () C:\Windows\RegBootClean64.CFG
2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb
2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb
2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb
2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub
2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx
2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip
2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe
2014-02-26 21:24 - 2012-03-26 05:00 - 00105472 _____ (CANON INC.) C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll
2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-02-23 18:52 - 2014-02-23 18:53 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk
2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub
2014-02-23 15:21 - 2014-02-23 15:22 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub
2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof
2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk
2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc
2014-02-17 20:47 - 2014-03-04 17:07 - 00002121 _____ () C:\Windows\setupact.log
2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 20:46 - 2014-03-04 17:07 - 00002558 _____ () C:\Windows\PFRO.log
2014-02-15 21:30 - 2014-02-15 21:31 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk
2014-02-15 21:26 - 2014-02-15 21:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-15 21:09 - 2014-02-15 21:26 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk
2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe
2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip
2014-02-13 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:59 - 2014-02-18 23:27 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-12 15:57 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:57 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 14:50 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 14:50 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 14:50 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 14:50 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 14:50 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:57 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:57 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:57 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:57 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim
2014-02-11 23:13 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix
2014-02-11 23:13 - 2014-02-11 23:16 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd
2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk
2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe
2014-02-11 17:20 - 2014-02-11 17:22 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar
2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc
2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-05 16:21 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 16:21 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-05 16:21 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-05 16:21 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-05 16:20 - 2014-02-05 16:21 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt
2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt
2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution
2014-02-04 18:32 - 2014-02-27 22:27 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype
2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype
2014-02-04 18:31 - 2014-02-11 18:42 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-04 18:31 - 2014-02-11 18:42 - 00000000 ____D () C:\ProgramData\Skype
2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-02 15:45 - 2014-02-02 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-02 15:43 - 2014-02-16 22:30 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 13:23 - 2014-02-02 13:26 - 00000000 ____D () C:\Users\Admin\.JBinUp

==================== One Month Modified Files and Folders =======

2014-03-04 18:07 - 2014-03-04 18:06 - 00024538 _____ () C:\Users\Marten\Downloads\FRST.txt
2014-03-04 18:06 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST
2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe
2014-03-04 18:01 - 2013-12-27 23:03 - 00000000 ___RD () C:\Users\Marten\Dropbox
2014-03-04 18:01 - 2013-12-27 22:59 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Dropbox
2014-03-04 17:48 - 2013-08-12 20:55 - 00000000 ___RD () C:\Users\Marten\Google Drive
2014-03-04 17:47 - 2013-07-10 20:01 - 01100540 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 17:43 - 2013-07-17 07:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\vlc
2014-03-04 17:30 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Media Player Classic
2014-03-04 17:27 - 2013-07-25 16:14 - 00000000 ____D () C:\Users\Marten\AppData\Local\Deployment
2014-03-04 17:25 - 2013-08-12 20:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 17:24 - 2013-08-12 20:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:11 - 2013-09-24 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 17:08 - 2013-12-09 10:22 - 00001197 _____ () C:\Windows\SysWOW64\bscs.ini
2014-03-04 17:08 - 2013-10-02 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-03-04 17:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 17:07 - 2014-02-17 20:47 - 00002121 _____ () C:\Windows\setupact.log
2014-03-04 17:07 - 2014-02-17 20:46 - 00002558 _____ () C:\Windows\PFRO.log
2014-03-04 17:07 - 2013-09-16 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 16:49 - 2013-08-27 21:43 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job
2014-03-04 02:00 - 2013-09-19 18:42 - 00000000 ____D () C:\Users\Marten\AppData\Local\Adobe
2014-03-03 23:10 - 2014-03-03 22:39 - 00024088 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe
2014-03-03 22:48 - 2013-08-27 21:43 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job
2014-03-03 22:39 - 2014-03-03 22:10 - 00004056 _____ () C:\Windows\RegBootClean64.CFG
2014-03-03 22:39 - 2013-07-10 20:53 - 00238128 _____ () C:\Windows\RegBootClean64.exe
2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 22:29 - 2013-07-10 20:20 - 00000000 ____D () C:\Users\Admin
2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 22:28 - 2014-01-12 11:52 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Usenet.nl
2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb
2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb
2014-03-03 22:10 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-03 22:03 - 2013-03-12 20:24 - 00000000 ____D () C:\Windows\Panther
2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb
2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb
2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb
2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb
2014-03-03 21:16 - 2013-07-10 22:56 - 00000000 ____D () C:\Users\Marten\Documents\Outlook-Dateien
2014-03-02 21:54 - 2014-01-14 19:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-02 21:54 - 2013-07-10 22:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader v2.0
2014-03-02 19:58 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-03-02 19:58 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-03-02 19:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 19:54 - 2013-09-07 11:53 - 00000600 _____ () C:\Users\Marten\AppData\Roaming\winscp.rnd
2014-03-02 16:58 - 2013-08-12 18:56 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\MyPhoneExplorer
2014-03-02 14:44 - 2013-07-25 15:50 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\KeePass
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub
2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx
2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip
2014-02-27 22:27 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype
2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe
2014-02-27 17:45 - 2013-09-13 11:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2014-02-27 03:22 - 2013-07-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 03:03 - 2013-03-12 20:39 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 21:26 - 2014-01-21 21:22 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Canon
2014-02-26 21:24 - 2013-07-10 20:05 - 00000000 ____D () C:\Users\Marten
2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-02-24 23:33 - 2013-12-25 23:45 - 00000000 ____D () C:\Users\Marten\AppData\Local\bluesoleil
2014-02-24 23:14 - 2013-12-25 23:45 - 00006176 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-02-24 23:14 - 2013-12-25 23:45 - 00000101 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-02-23 18:53 - 2014-02-23 18:52 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk
2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub
2014-02-23 15:22 - 2014-02-23 15:21 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub
2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof
2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk
2014-02-21 20:12 - 2013-07-11 17:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 20:12 - 2013-07-11 17:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 17:45 - 2013-07-10 22:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\DAEMON Tools Lite
2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc
2014-02-18 23:27 - 2014-02-12 22:59 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 22:36 - 2013-07-13 11:05 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-02-16 22:30 - 2014-02-02 15:43 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 22:28 - 2013-12-16 20:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-02-15 23:04 - 2013-07-15 18:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Spotify
2014-02-15 22:17 - 2013-07-15 18:40 - 00000000 ____D () C:\Users\Marten\AppData\Local\Spotify
2014-02-15 21:31 - 2014-02-15 21:30 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk
2014-02-15 21:27 - 2014-02-15 21:26 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-15 21:26 - 2014-02-15 21:09 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk
2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe
2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip
2014-02-14 16:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-13 19:01 - 2013-07-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-13 18:21 - 2013-07-23 17:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\XnView
2014-02-13 04:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:28 - 2014-01-31 20:19 - 05036800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 03:10 - 2013-07-10 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:05 - 2009-07-14 03:34 - 00000551 _____ () C:\Windows\win.ini
2014-02-12 23:00 - 2013-07-13 12:29 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\TeamViewer
2014-02-12 22:59 - 2013-07-13 11:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-12 15:40 - 2014-01-17 23:12 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\tor
2014-02-11 23:38 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix
2014-02-11 23:16 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim
2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk
2014-02-11 18:42 - 2014-02-04 18:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-11 18:42 - 2014-02-04 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe
2014-02-11 17:22 - 2014-02-11 17:20 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar
2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc
2014-02-08 20:52 - 2013-09-07 15:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-02-06 13:16 - 2014-02-13 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 13:11 - 2013-07-25 16:18 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-06 13:11 - 2013-07-25 16:17 - 00000000 ____D () C:\Program Files\My Dell
2014-02-06 12:30 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 03:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 03:03 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 03:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 03:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 03:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 03:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 03:03 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 03:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 03:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 03:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:21 - 2014-02-05 16:20 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 16:21 - 2013-07-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 22:42 - 2013-07-11 17:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-02-04 22:26 - 2013-12-31 16:39 - 00001734 _____ () C:\Windows\SysWOW64\SHORTCUT.INI
2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt
2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt
2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution
2014-02-04 19:09 - 2013-03-12 21:48 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype
2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-03 17:23 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-03 16:50 - 2013-12-31 16:39 - 00000289 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-02-02 15:47 - 2014-02-02 15:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-02 15:42 - 2013-07-11 19:38 - 00000000 ____D () C:\Users\Downloader
2014-02-02 13:26 - 2014-02-02 13:23 - 00000000 ____D () C:\Users\Admin\.JBinUp

Files to move or delete:
====================
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
Addition.log
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by Marten at 2014-03-04 18:08:08
Running from C:\Users\Marten\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Altap Salamander 2.52 (HKLM-x32\...\Altap Salamander 2.52) (Version: 2.52 - ALTAP)
BlueSoleil 10.0.470.0 (HKLM\...\{A2564C04-D65E-47FA-B611-128627C060C2}) (Version: 10.0.470.0 - IVT Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.6.2 - Dell)
Dell Mobile Broadband Utility (HKLM-x32\...\Dell Mobile Broadband Utility) (Version: 3.00.25.003 - Novatel Wireless)
Dell Mobile Broadband Utility (x32 Version: 3.00.25.003 - Novatel Wireless Inc.) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell System Detect Bootstrapper (HKCU\...\8e3135b376bd523e) (Version: 1.1.0.15 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
DivxToDVD 0.5.2b (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EasyGPS 4.93.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 4.93.0.0 - TopoGrafix)
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FlashFXP (HKLM-x32\...\FlashFXP) (Version: 4.3.1.1960 - OpenSight Software LLC)
Garmin Express (HKLM-x32\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}) (Version: 1.0.19.76 - Google)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
LeechFTP  (HKLM-x32\...\LeechFTP) (Version:  - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MOBackup - Datensicherung für Outlook (Vollversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.0 - Heiko Schröder)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NfoDiz 6.0 Setup (HKLM-x32\...\NfoDiz 6.0 Setup) (Version: 6.0 - Cristian Zaharia)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
Nuance PDF Professional 6 (HKLM\...\{A39BDD06-3F65-43B7-8C85-28FDC6F0982C}) (Version: 6.00.6401 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9716 - NVIDIA Corporation)
NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7533 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden
One-click FLAC to MP3 Converter (x64 add-on) (HKLM\...\{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}) (Version: 4.3.0 - Streamware Development)
Opera Stable 19.0.1326.63 (HKCU\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Passware Kit Professional 12.3 (HKLM-x32\...\{FFFF4FFA-3CC9-4EC1-845A-8B24027820E3}) (Version: 12.3.6332 - Passware)
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Photo to Cartoon (HKLM-x32\...\{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}) (Version: 1.0.0 - Caricature Software)
PHPEdit 5.0.0 (HKLM-x32\...\PHPEdit) (Version: 5.0.0 - WaterProof SARL)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.14 - Nikon)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SigmaTel Audio (HKLM-x32\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)
UnLock Root Pro 4.12 (HKLM-x32\...\UnLock Root Pro) (Version: 4.12 - Unlcokroot)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.1 - Nikon)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX Free WMV to AVI Converter 2.0.5 (HKLM-x32\...\WinX Free WMV to AVI Converter_is1) (Version:  - Digiarty Software,Inc.)
Wireshark 1.10.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XMedia Recode Version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)
XnView 2.04 (HKLM-x32\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-08 12:09 - 00001414 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.retdube.net
127.0.0.1 www.retdube.com
127.0.0.1 retdube.net
127.0.0.1 retdube.com
127.0.0.1 movfile.net
127.0.0.1 trafficholder.com
127.0.0.1 www.trafficholder.com
127.0.0.1 www.pornup.me
127.0.0.1 optimizely.com
127.0.0.1 yieldlab.net
127.0.0.1 doubleclick.net
127.0.0.1 wunderloop.net
127.0.0.1 plista.com
127.0.0.1 chartbeat.com
127.0.0.1 ligatus.com
127.0.0.1 xing-share.com
127.0.0.1 agitos.de
127.0.0.1 cloudfront.net
127.0.0.1 nuggad.com
127.0.0.1 intellitxt.com
127.0.0.1 webtrekk.net
127.0.0.1 krxd.net
127.0.0.1 llnwd.net
127.0.0.1 adition.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job => C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job => C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-07-10 20:43 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-07-10 20:43 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2014-03-03 21:55 - 2014-03-02 23:56 - 81646269 _____ () C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\    Extreme Torture  Tits Needles Torture 3.exe
2013-12-04 18:19 - 2013-12-04 18:19 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2013-07-26 07:58 - 2011-10-26 16:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-09-15 02:56 - 2009-09-15 02:56 - 00167936 _____ () D:\Program Files (x86)\File Renamer Turbo\shell.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:8E55808C

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 05:29:54 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3920700807-174084792-717808922-1000}/">.

Error: (03/04/2014 05:28:17 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7d0

Startzeit: 01cf37c6554fab27

Endzeit: 140

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: f84f68f8-a3b9-11e3-923b-001c23543895

Error: (03/04/2014 05:09:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 04:49:58 PM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 01:49:58 PM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 10:50:18 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 07:50:21 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 04:52:13 AM) (Source: Google Update) (User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2

Error: (03/04/2014 00:31:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/04/2014 00:31:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (03/03/2014 09:21:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Samsung AllShare PC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/03/2014 09:21:41 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Samsung AllShare PC erreicht.

Error: (02/26/2014 07:53:12 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (02/26/2014 07:53:11 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (02/26/2014 07:53:10 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (02/26/2014 06:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (02/26/2014 06:05:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (02/26/2014 06:05:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (02/25/2014 04:44:53 PM) (Source: cdrom) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (02/25/2014 04:44:53 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office Sessions:
=========================
Error: (03/04/2014 05:29:54 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3920700807-174084792-717808922-1000}/

Error: (03/04/2014 05:28:17 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175677d001cf37c6554fab27140C:\Windows\Explorer.EXEf84f68f8-a3b9-11e3-923b-001c23543895

Error: (03/04/2014 05:09:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 04:49:58 PM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 01:49:58 PM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 10:50:18 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 07:50:21 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (03/04/2014 04:52:13 AM) (Source: Google Update)(User: DRACONIS7)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2

Error: (03/04/2014 00:31:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ivt corporation\bluesoleil\MAP_BsSMSEditor.exe

Error: (03/04/2014 00:31:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ivt corporation\bluesoleil\BsSMSEditor.exe


CodeIntegrity Errors:
===================================
  Date: 2014-02-24 18:27:41.263
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\daa31c31e88b2dd22a0fa0\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 07:24:31.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 07:19:02.060
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 07:08:11.436
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 07:01:51.976
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 06:56:19.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 06:50:09.175
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 06:00:46.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-12 05:21:15.246
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-11 18:06:23.391
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 4093.96 MB
Available physical RAM: 1832.55 MB
Total Pagefile: 8186.1 MB
Available Pagefile: 5478.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.17 GB) (Free:48.97 GB) NTFS
Drive d: (Laufwerk) (Fixed) (Total:363.49 GB) (Free:201.9 GB) NTFS
Drive g: (WIN7) (CDROM) (Total:4 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Alt 04.03.2014, 17:37   #2
schrauber
/// the machine
/// TB-Ausbilder
 

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



Hi,

FRST bitte nochmal. Unsere Tools brauchen immer Adminrechte.
__________________

__________________

Alt 04.03.2014, 17:51   #3
Vessel
 
loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



Als Admin ausgeführt, ok so?


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Admin (administrator) on DRACONIS7 on 04-03-2014 18:50:32
Running from C:\Users\Marten\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Spotify Ltd) C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell) C:\Users\Marten\AppData\Local\Apps\2.0\NK0CTZP8.AGW\6OK15EXD.KCA\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\    Extreme Torture  Tits Needles Torture 3.exe
(Dropbox, Inc.) C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [326760 2011-05-21] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1692264 2011-05-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe [2080768 2009-08-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF6 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-07-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Professional 6-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 6\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [451072 2013-12-05] (IVT Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\RunOnce: [DCERegBootClean64] - C:\Windows\RegBootClean64.exe [238128 2014-03-03] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Spotify Web Helper] - C:\Users\Marten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DellSystemDetect] - C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\Run: [Facebook Update] - C:\Users\Marten\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-27] (Facebook Inc.)
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {780920ab-3310-11e3-b9e8-001c23543895} - H:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1000\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [DellSystemDetect] - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner64.exe [6087448 2014-01-21] (Piriform Ltd)
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {4ccf2fc1-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {4ccf3001-eba2-11e2-816a-001c2301c021} - F:\AutoRun.exe
HKU\S-1-5-21-3920700807-174084792-717808922-1003\...\MountPoints2: {8d9320ec-e995-11e2-a37c-001c2301c021} - G:\setup.exe
Lsa: [Notification Packages] scecli IVTCredentialProvider
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\Users\Marten\AppData\Local\Temp\Rar$EXa0.565\    Extreme Torture  Tits Needles Torture 3.exe ()
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG4200 series Printer.lnk
ShortcutTarget: Canon IJ Status Monitor Canon MG4200 series Printer.lnk -> C:\Users\Marten\CNMSSC~1.DLL,SMStarterEntryPoint CNBJNP_180CACF31932;Canon MG4200 series Printer;cnmss Canon MG4200 series Printer (Local).dll;Canon IJ Status Monitor Canon MG4200 series Printer.lnk (No File)
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marten\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marten\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x67E81BD1A27DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{43984D79-143C-4611-A099-09FB894FA2AE}: [NameServer]85.214.20.141,213.73.91.35

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-12-14]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ef7zloa1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-10]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [isend@www.bluesoleil.com] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com
FF Extension: BlueSoleil Extension - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\FireFox\isend@www.bluesoleil.com [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked
FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21]
FF HKCU\...\Firefox\Extensions: [PHPEditXdebugExtension@waterproof.fr] - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked
FF Extension: PHPEdit Xdebug Extension - D:\Program Files\WaterProof\PHPEdit\5.0.0\Tools\FirefoxExtension\unpacked [2014-02-21]

Chrome: 
=======
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-11-30]
CHR Extension: (TrendMicro Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-11-30]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM\...\Chrome\Extension: [cocpghbdppojfnfpjhmlcfkljjjfpika] - C:\Program Files (x86)\IVT Corporation\BlueSoleil\TransSend\Chrome\TS_Chrome.crx [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-07-10]

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3214216 2013-12-06] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2013-12-05] (IVT Corporation)
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [266752 2013-12-04] (IVT Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 TorchCrashHandler; C:\Users\Admin\AppData\Local\Torch\Update\TorchCrashHandler.exe [1205760 2013-12-21] (TorchMedia Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.)
R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-10] (DT Soft Ltd)
R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.)
R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R1 NvtSp50; C:\Windows\System32\DRIVERS\NvtSp50.sys [27648 2008-06-10] (Printing Novatel Wireless Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 18:18 - 2014-03-04 18:18 - 00110176 _____ () C:\Users\Marten\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 18:08 - 2014-03-04 18:08 - 00045931 _____ () C:\Users\Marten\Downloads\Addition.txt
2014-03-04 18:06 - 2014-03-04 18:50 - 00026640 _____ () C:\Users\Marten\Downloads\FRST.txt
2014-03-04 18:06 - 2014-03-04 18:50 - 00000000 ____D () C:\FRST
2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe
2014-03-03 22:39 - 2014-03-04 18:17 - 00024089 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe
2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 22:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb
2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb
2014-03-03 22:11 - 2014-03-03 22:11 - 00003062 _____ () C:\Windows\System32\Tasks\{C6524D39-E9B8-48CB-A29C-BE2DB6DD7229}
2014-03-03 22:10 - 2014-03-03 22:39 - 00004056 _____ () C:\Windows\RegBootClean64.CFG
2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb
2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb
2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb
2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub
2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx
2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip
2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe
2014-02-26 21:24 - 2012-03-26 05:00 - 00105472 _____ (CANON INC.) C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll
2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-02-23 18:52 - 2014-02-23 18:53 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk
2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub
2014-02-23 15:21 - 2014-02-23 15:22 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub
2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof
2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk
2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc
2014-02-17 20:47 - 2014-03-04 17:07 - 00002121 _____ () C:\Windows\setupact.log
2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 20:46 - 2014-03-04 17:07 - 00002558 _____ () C:\Windows\PFRO.log
2014-02-15 21:30 - 2014-02-15 21:31 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk
2014-02-15 21:26 - 2014-02-15 21:27 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-15 21:09 - 2014-02-15 21:26 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk
2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe
2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip
2014-02-13 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:03 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:03 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:03 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:03 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:03 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:03 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:03 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:03 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:03 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:03 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:03 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:03 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:03 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:03 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:03 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:03 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:03 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:03 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:03 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:03 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:03 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:03 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:03 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:03 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:03 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:03 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:03 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:03 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:03 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:03 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:03 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:03 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:03 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:03 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:03 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:03 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:03 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:03 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:59 - 2014-02-18 23:27 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-12 15:57 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:57 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 14:50 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 14:50 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 14:50 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 14:50 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 14:50 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 14:50 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 14:50 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 14:50 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 14:50 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:57 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:57 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:57 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:57 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim
2014-02-11 23:13 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix
2014-02-11 23:13 - 2014-02-11 23:16 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd
2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk
2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe
2014-02-11 17:20 - 2014-02-11 17:22 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar
2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc
2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-05 16:21 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-05 16:21 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-05 16:21 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-05 16:21 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-05 16:20 - 2014-02-05 16:21 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt
2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt
2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution
2014-02-04 18:32 - 2014-02-27 22:27 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype
2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype
2014-02-04 18:31 - 2014-02-11 18:42 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-04 18:31 - 2014-02-11 18:42 - 00000000 ____D () C:\ProgramData\Skype
2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-02 15:45 - 2014-02-02 15:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-02 15:45 - 2014-02-02 15:45 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-02 15:43 - 2014-02-16 22:30 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-02 13:23 - 2014-02-02 13:26 - 00000000 ____D () C:\Users\Admin\.JBinUp

==================== One Month Modified Files and Folders =======

2014-03-04 18:50 - 2014-03-04 18:06 - 00026640 _____ () C:\Users\Marten\Downloads\FRST.txt
2014-03-04 18:50 - 2014-03-04 18:06 - 00000000 ____D () C:\FRST
2014-03-04 18:27 - 2013-08-12 20:52 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 18:18 - 2014-03-04 18:18 - 00110176 _____ () C:\Users\Marten\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 18:17 - 2014-03-03 22:39 - 00024089 _____ () C:\Users\Marten\AppData\Roaming\loadit.exe
2014-03-04 18:11 - 2013-09-24 22:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 18:09 - 2013-07-10 22:56 - 00000000 ____D () C:\Users\Marten\Documents\Outlook-Dateien
2014-03-04 18:08 - 2014-03-04 18:08 - 00045931 _____ () C:\Users\Marten\Downloads\Addition.txt
2014-03-04 18:05 - 2014-03-04 18:05 - 02156544 _____ (Farbar) C:\Users\Marten\Downloads\FRST64.exe
2014-03-04 18:01 - 2013-12-27 23:03 - 00000000 ___RD () C:\Users\Marten\Dropbox
2014-03-04 18:01 - 2013-12-27 22:59 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Dropbox
2014-03-04 17:48 - 2013-08-12 20:55 - 00000000 ___RD () C:\Users\Marten\Google Drive
2014-03-04 17:47 - 2013-07-10 20:01 - 01100635 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 17:43 - 2013-07-17 07:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\vlc
2014-03-04 17:30 - 2013-07-30 17:24 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Media Player Classic
2014-03-04 17:27 - 2013-07-25 16:14 - 00000000 ____D () C:\Users\Marten\AppData\Local\Deployment
2014-03-04 17:25 - 2013-08-12 20:52 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:13 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:08 - 2013-12-09 10:22 - 00001197 _____ () C:\Windows\SysWOW64\bscs.ini
2014-03-04 17:08 - 2013-10-02 17:29 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-03-04 17:08 - 2013-08-07 15:12 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-03-04 17:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 17:07 - 2014-02-17 20:47 - 00002121 _____ () C:\Windows\setupact.log
2014-03-04 17:07 - 2014-02-17 20:46 - 00002558 _____ () C:\Windows\PFRO.log
2014-03-04 17:07 - 2013-09-16 16:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-04 16:49 - 2013-08-27 21:43 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000UA.job
2014-03-04 02:00 - 2013-09-19 18:42 - 00000000 ____D () C:\Users\Marten\AppData\Local\Adobe
2014-03-03 22:48 - 2013-08-27 21:43 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3920700807-174084792-717808922-1000Core.job
2014-03-03 22:39 - 2014-03-03 22:10 - 00004056 _____ () C:\Windows\RegBootClean64.CFG
2014-03-03 22:39 - 2013-07-10 20:53 - 00238128 _____ () C:\Windows\RegBootClean64.exe
2014-03-03 22:30 - 2014-03-03 22:30 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-03 22:30 - 2014-03-03 22:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-03 22:29 - 2013-07-10 20:20 - 00000000 ____D () C:\Users\Admin
2014-03-03 22:28 - 2014-03-03 22:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Marten\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-03 22:28 - 2014-01-12 11:52 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Usenet.nl
2014-03-03 22:21 - 2014-03-03 22:21 - 00035939 _____ () C:\Users\Marten\Downloads\torture (1).nzb
2014-03-03 22:15 - 2014-03-03 22:15 - 00023905 _____ () C:\Users\Marten\Downloads\torture.nzb
2014-03-03 22:11 - 2014-03-03 22:11 - 00003062 _____ () C:\Windows\System32\Tasks\{C6524D39-E9B8-48CB-A29C-BE2DB6DD7229}
2014-03-03 22:10 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-03 22:03 - 2013-03-12 20:24 - 00000000 ____D () C:\Windows\Panther
2014-03-03 21:58 - 2014-03-03 21:58 - 00017484 _____ () C:\Users\Marten\Downloads\Rape-and-Abuse-Movies-grope449.avi-104087kbytes.nzb
2014-03-03 21:57 - 2014-03-03 21:57 - 00024587 _____ () C:\Users\Marten\Downloads\Spontaneously raped his sister in the bathroom.rar.nzb
2014-03-03 21:50 - 2014-03-03 21:50 - 00023941 _____ () C:\Users\Marten\Downloads\Extreme Torture Tits Needles Torture 3.rar.nzb
2014-03-03 21:47 - 2014-03-03 21:47 - 00017335 _____ () C:\Users\Marten\Downloads\slave-c-Huge-needles-in-tits-then-hung-by-rope-of-them.rar.nzb
2014-03-02 21:54 - 2014-01-14 19:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-02 21:54 - 2013-07-10 22:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader v2.0
2014-03-02 19:58 - 2011-04-12 08:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-03-02 19:58 - 2011-04-12 08:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-03-02 19:58 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 19:54 - 2013-09-07 11:53 - 00000600 _____ () C:\Users\Marten\AppData\Roaming\winscp.rnd
2014-03-02 16:58 - 2013-08-12 18:56 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\MyPhoneExplorer
2014-03-02 14:44 - 2013-07-25 15:50 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\KeePass
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin.epub
2014-03-01 10:14 - 2014-03-01 10:14 - 00408905 _____ () C:\Users\Marten\Downloads\Der neue Tugendterror - Thilo Sarrazin (1).epub
2014-02-28 15:12 - 2014-02-28 15:12 - 00009326 _____ () C:\Users\Marten\Documents\Marten_KPdatabase.kdbx
2014-02-27 22:32 - 2014-02-27 22:32 - 02079423 _____ () C:\Users\Marten\Downloads\mplayerc_20100214.zip
2014-02-27 22:27 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Skype
2014-02-27 19:48 - 2014-02-27 19:48 - 03782822 _____ (DownloadHelper ) C:\Users\Marten\Downloads\ConvertHelperSetup.exe
2014-02-27 17:45 - 2013-09-13 11:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\Deployment
2014-02-27 03:22 - 2013-07-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 03:03 - 2013-03-12 20:39 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 21:26 - 2014-01-21 21:22 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Canon
2014-02-26 21:24 - 2013-07-10 20:05 - 00000000 ____D () C:\Users\Marten
2014-02-25 23:17 - 2014-02-25 23:17 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-02-24 23:33 - 2013-12-25 23:45 - 00000000 ____D () C:\Users\Marten\AppData\Local\bluesoleil
2014-02-24 23:14 - 2013-12-25 23:45 - 00006176 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-02-24 23:14 - 2013-12-25 23:45 - 00000101 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-02-23 18:53 - 2014-02-23 18:52 - 11360969 _____ () C:\Users\Marten\Downloads\neXt Launcher 3D v3.06 Patched.apk
2014-02-23 15:24 - 2014-02-23 15:24 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann (1).epub
2014-02-23 15:22 - 2014-02-23 15:21 - 17620388 _____ () C:\Users\Marten\Downloads\Abnehmen fur Faule - Friedrich Bohlmann.epub
2014-02-22 01:50 - 2014-02-22 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-21 23:41 - 2014-02-21 23:41 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\WaterProof
2014-02-21 23:37 - 2014-02-21 23:37 - 00000955 _____ () C:\Users\Admin\Desktop\PHPEdit 5.0.0.lnk
2014-02-21 20:13 - 2013-09-24 22:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 20:12 - 2013-07-11 17:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 20:12 - 2013-07-11 17:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 17:45 - 2013-07-10 22:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\DAEMON Tools Lite
2014-02-21 14:15 - 2014-02-21 14:15 - 00006104 _____ () C:\Users\Marten\Downloads\Der_Turm_HD-b5fqopmrbl3sf.dlc
2014-02-18 23:27 - 2014-02-12 22:59 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-17 20:47 - 2014-02-17 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-16 22:36 - 2013-07-13 11:05 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-02-16 22:30 - 2014-02-02 15:43 - 00110176 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 22:28 - 2013-12-16 20:25 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-02-15 23:04 - 2013-07-15 18:39 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Spotify
2014-02-15 22:17 - 2013-07-15 18:40 - 00000000 ____D () C:\Users\Marten\AppData\Local\Spotify
2014-02-15 21:31 - 2014-02-15 21:30 - 00001127 _____ () C:\Users\Marten\Desktop\KPdatabase.lnk
2014-02-15 21:27 - 2014-02-15 21:26 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-02-15 21:26 - 2014-02-15 21:09 - 00001105 _____ () C:\Users\Admin\Desktop\KeePass 2.lnk
2014-02-15 21:08 - 2014-02-15 21:08 - 02537151 _____ (Dominik Reichl ) C:\Users\Marten\Downloads\KeePass-2.25-Setup.exe
2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-15 17:50 - 2013-11-10 15:14 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-02-15 11:44 - 2014-02-15 11:44 - 04458384 _____ () C:\Users\Marten\Downloads\xirrus-wi-fi-monitor-win7gadgets-com.zip
2014-02-14 16:53 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-13 19:01 - 2013-07-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-13 18:21 - 2013-07-23 17:20 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\XnView
2014-02-13 07:16 - 2013-08-12 20:52 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 07:16 - 2013-08-12 20:52 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 04:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:28 - 2014-01-31 20:19 - 05036800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 03:10 - 2013-07-10 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:05 - 2009-07-14 03:34 - 00000551 _____ () C:\Windows\win.ini
2014-02-12 23:00 - 2013-07-13 12:29 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\TeamViewer
2014-02-12 22:59 - 2013-07-13 11:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-12 15:40 - 2014-01-17 23:12 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\tor
2014-02-11 23:38 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Yfwaix
2014-02-11 23:16 - 2014-02-11 23:13 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Afadd
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Mauton
2014-02-11 23:14 - 2014-02-11 23:14 - 00000000 ____D () C:\Users\Marten\AppData\Roaming\Erxim
2014-02-11 22:22 - 2014-02-11 22:22 - 00000872 _____ () C:\Users\Marten\Desktop\Load.lnk
2014-02-11 18:42 - 2014-02-04 18:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-11 18:42 - 2014-02-04 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-11 18:06 - 2014-02-11 18:06 - 00127080 _____ (Spotify Ltd) C:\Users\Marten\Downloads\SpotifySetup.exe
2014-02-11 17:22 - 2014-02-11 17:20 - 13166565 _____ () C:\Users\Marten\Downloads\CandiSoft_Load!_0.7.4.rar
2014-02-08 21:44 - 2014-02-08 21:44 - 00001176 _____ () C:\7259909nbg3334n.dlc
2014-02-08 20:52 - 2013-09-07 15:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-08 20:51 - 2014-02-08 20:51 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-08 20:51 - 2013-09-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-02-06 13:16 - 2014-02-13 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 13:11 - 2013-07-25 16:18 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-02-06 13:11 - 2013-07-25 16:18 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-06 13:11 - 2013-07-25 16:17 - 00000000 ____D () C:\Program Files\My Dell
2014-02-06 12:30 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 03:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 03:03 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 03:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 03:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 03:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 03:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 03:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 03:03 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 03:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 03:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 03:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 03:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:21 - 2014-02-05 16:20 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 16:21 - 2013-07-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-04 22:42 - 2013-07-11 17:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-02-04 22:26 - 2013-12-31 16:39 - 00001734 _____ () C:\Windows\SysWOW64\SHORTCUT.INI
2014-02-04 22:23 - 2014-02-04 22:23 - 00000000 ____D () C:\Users\Marten\AppData\Local\BlueSoleil BLE
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\RapidSolution
2014-02-04 21:38 - 2014-02-04 21:38 - 00000000 ____D () C:\Users\Marten\AppData\Local\CrashRpt
2014-02-04 21:34 - 2014-02-04 21:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt
2014-02-04 21:31 - 2014-02-04 21:31 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-02-04 21:29 - 2014-02-04 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\RapidSolution
2014-02-04 19:09 - 2013-03-12 21:48 - 88567024 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 18:32 - 2014-02-04 18:32 - 00000000 ____D () C:\Users\Marten\AppData\Local\Skype
2014-02-04 18:31 - 2014-02-04 18:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-03 17:23 - 2013-07-10 20:05 - 00000000 ___RD () C:\Users\Marten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-03 16:50 - 2013-12-31 16:39 - 00000289 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-02-02 15:47 - 2014-02-02 15:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-02 15:45 - 2014-02-02 15:45 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-02 15:45 - 2014-02-02 15:45 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-02 15:42 - 2013-07-11 19:38 - 00000000 ____D () C:\Users\Downloader
2014-02-02 13:26 - 2014-02-02 13:23 - 00000000 ____D () C:\Users\Admin\.JBinUp

Files to move or delete:
====================
C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Marten\cnmss Canon MG4200 series Printer (Local).dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 15:30

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 05.03.2014, 15:43   #4
schrauber
/// the machine
/// TB-Ausbilder
 

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



Ja

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.03.2014, 21:19   #5
Vessel
 
loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



Fehler gefunden, war keine Infektion...

eine self-extract datei hatte sich beim auspacken irgendwie verheddert.

Als Admin den Prozess gestoppt, Datei gelöscht , alles gut!

Vielen Dank für Eure Mühe!

Gruß
\/essel


Alt 06.03.2014, 18:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Standard

loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt



ok
__________________
--> loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt

Antwort

Themen zu loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt
4d36e972-e325-11ce-bfc1-08002be10318, converter, cyberghost, defender, error, excel, failed, fehler, flash player, frage, google, inkompatibel, kein fund, lightning, loadit.exe, malware, malware / spyware / system care, monitor, mozilla, mp3, programm, realtek, registry, rundll, scan, security, services.exe, software, spotify web helper, starten, svchost.exe, system, teredo, usb, vista



Ähnliche Themen: loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt


  1. loadit.exe als Virus taucht ständig auf !
    Plagegeister aller Art und deren Bekämpfung - 18.06.2015 (8)
  2. Loadit.exe wieder entfernen
    Log-Analyse und Auswertung - 13.02.2015 (12)
  3. SpeedChecker gefunden - gelöscht, taucht aber immer wieder auf
    Plagegeister aller Art und deren Bekämpfung - 16.09.2014 (13)
  4. win7: Kasperski Web-Anti-Virus blockt: obession.co.ua/loader/loadit.exe
    Log-Analyse und Auswertung - 24.08.2014 (1)
  5. Virus in C:\User\NAME\AppData (lässt sich löschen, aber taucht immer wieder auf)
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (29)
  6. gvu trojaner win7 64bit entfernt aber nicht sicher ob er weg ist!
    Log-Analyse und Auswertung - 13.01.2013 (3)
  7. Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?
    Log-Analyse und Auswertung - 13.06.2012 (28)
  8. 1 CPU Kern immer zu ~80% ausgelastet aber kein Programm im Taskmanager sichtbar, win7, 64bit
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (1)
  9. Trojaner; Sparkasse (im Forum gefunden aber nichts verstanden); Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (10)
  10. Avira zeigt Virus an, dieser taucht aber nach Löschversuch immer wieder auf. Trojaner vermutet.
    Log-Analyse und Auswertung - 18.02.2011 (1)
  11. "service.exe" in C:\TEMP\ von Norton gefunden, taucht aber immer wieder auf!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (26)
  12. TR/Spy.Gen taucht immer wieder auf !
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (28)
  13. Trojaner taucht immer wieder auf
    Log-Analyse und Auswertung - 11.01.2009 (9)
  14. TR/Crypt.XPACK.gen wird von AV erkannt, taucht aber immer wieder auf. Hier der Log...
    Log-Analyse und Auswertung - 09.06.2008 (5)
  15. spy taucht immer wieder auf...
    Plagegeister aller Art und deren Bekämpfung - 13.06.2005 (3)
  16. SpSeHjfix entfernt se.dll, Rundll32 nervt aber weiter
    Log-Analyse und Auswertung - 10.03.2005 (8)
  17. SpSeHjfix entfernt se.dll, Rundll32 nervt aber weiter
    Log-Analyse und Auswertung - 08.03.2005 (1)

Zum Thema loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt - Seit einem Usenet.nl download gestern abend taucht immer wieder ein Fenster auf, das besagt, dass diese Version der Datei nicht mit der ausgeführten Windowsversion kompatibel ist. Das Programm kann wohl - loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt...
Archiv
Du betrachtest: loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.