Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Avira wurde durch Gruppenrichtlinie blockiert (https://www.trojaner-board.de/154895-windows-7-avira-wurde-gruppenrichtlinie-blockiert.html)

zorin74 06.06.2014 14:54
Windows 7: Avira wurde durch Gruppenrichtlinie blockiert
 
Hallo,

ich habe von meiner Bank die Nachricht bekommen, mein Onlinezugang wäre wegen Verdacht auf Missbrauch gesperrt.

Ich habe daraufhin Avira aufgerufen und versucht einen Scan zu machen.

Avira lässt sich nicht mehr öffnen sobald ich es zu öffnen versuche bekomme ich die Meldung
"Diese Programm wurde durch eine Gruppenrichtlinie blockiert. Weiter Informationen erhalten Sie vom Systemadministrator." Ich kann es weder öffnen, schließen oder löschen.

Mit der Bitte um Hilfe !

Grüße, Zorin74

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by user (administrator) on SPF-11-20040 on 06-06-2014 15:20:55
Running from C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSWNZB56
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Freecom) C:\Windows\Temp\Password.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [382816 2009-11-28] (Acronis)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [93240 2011-03-11] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1550280 2009-11-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe [959192 2009-11-28] (Acronis)
HKLM-x32\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [843016 2009-11-28] (Acronis)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [IExplorer Util] => C:\Users\user\AppData\Roaming\ie_util.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}] => C:\Users\user\AppData\Roaming\Bahiqy\ryeto.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [mudtyc] => regsvr32.exe "C:\ProgramData\mudtyc.dat"
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: G - G:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {68bac23b-7e65-11e1-b27c-402cf465b52d} - G:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [IExplorer Util] => C:\Users\Acronis Agent User\AppData\Roaming\ie_util.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}] => C:\Users\Acronis Agent User\AppData\Roaming\Bahiqy\ryeto.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {6b73e069-6382-11e1-8ac7-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (Freecom)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {F626F1A9-F18D-42C8-AF56-918773ACE65A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
BHO: SeeSimilar - {7549CA81-7BB5-41AF-AF7D-4689F5CF8340} - C:\Program Files (x86)\SeeSimilar\ScriptHost64.dll (SeeSimilar.com)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: SeeSimilar - {7549CA81-7BB5-41AF-AF7D-4689F5CF8340} - C:\Program Files (x86)\SeeSimilar\ScriptHost.dll (SeeSimilar.com)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{236D54DF-DBFD-4378-B4D1-E1F3A8E85253}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=11 - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]
FF HKCU\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekmimebcpbncnklfjadbpnjiaffabee [2013-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (appbarioDE 1) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof [2013-10-08]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08]
CHR HKCU\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [hekmimebcpbncnklfjadbpnjiaffabee] - C:\Users\user\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1877848 2009-11-28] (Acronis)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] ()
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [4290896 2009-11-28] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4819968 2011-09-27] (Broadcom Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-12-22] (JMicron Technology Corp.)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 vdfusbwwan; C:\Windows\System32\DRIVERS\vdfusbwwan.sys [768512 2012-04-23] (ZTE Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-04] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 15:20 - 2014-06-06 15:21 - 00000000 ____D () C:\FRST
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-04 15:47 - 2014-06-04 15:54 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-13 09:18 - 2014-05-13 09:24 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx

==================== One Month Modified Files and Folders =======

2014-06-06 15:22 - 2012-04-02 09:19 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 15:22 - 2011-11-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-06 15:21 - 2014-06-06 15:20 - 00000000 ____D () C:\FRST
2014-06-06 15:18 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 15:18 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 15:17 - 2011-03-08 19:03 - 00702524 _____ () C:\windows\system32\perfh007.dat
2014-06-06 15:17 - 2011-03-08 19:03 - 00150048 _____ () C:\windows\system32\perfc007.dat
2014-06-06 15:17 - 2009-07-14 07:13 - 01622100 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-06 15:13 - 2013-05-08 08:19 - 00004140 _____ () C:\windows\System32\Tasks\Google Software Updater
2014-06-06 15:13 - 2013-05-08 08:19 - 00001034 _____ () C:\windows\Tasks\Google Software Updater.job
2014-06-06 15:11 - 2011-11-23 12:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 15:10 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-06 15:10 - 2009-07-14 06:51 - 00171301 _____ () C:\windows\setupact.log
2014-06-06 15:09 - 2012-08-07 10:35 - 00000000 ____D () C:\Users\user\Documents\Privat
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-06 12:49 - 2012-09-11 22:26 - 681168329 _____ () C:\windows\MEMORY.DMP
2014-06-06 12:49 - 2012-09-11 22:26 - 00000000 ____D () C:\windows\Minidump
2014-06-06 12:36 - 2012-04-06 11:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-06 12:34 - 2013-08-06 10:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-06-06 12:34 - 2013-08-06 10:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-06-06 12:29 - 2013-05-08 08:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-06 12:26 - 2011-11-23 12:13 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-06 12:24 - 2011-09-27 14:32 - 02667277 _____ () C:\windows\WindowsUpdate.log
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-06 12:23 - 2013-05-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-06 12:23 - 2013-03-14 15:06 - 00000000 ____D () C:\Users\Public\Documents\Profi cash
2014-06-06 12:23 - 2011-11-23 14:59 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-06 12:23 - 2011-11-22 16:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-06-06 12:23 - 2011-11-10 15:17 - 00000000 ____D () C:\Users\user\AppData\Local\Hewlett-Packard
2014-06-06 12:23 - 2011-03-08 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-06 12:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-06-06 12:22 - 2012-08-07 14:36 - 00000000 ____D () C:\Users\user\Documents\Projekte
2014-06-06 12:18 - 2012-03-05 11:01 - 00000000 __RHD () C:\MSOCache
2014-06-06 12:15 - 2012-08-07 08:36 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien
2014-06-06 11:29 - 2013-03-27 15:45 - 00000000 ____D () C:\Users\user\Desktop\Dateien
2014-06-06 10:58 - 2013-11-18 14:42 - 00806912 _____ () C:\Users\user\Desktop\Monatsausgaben 2013-2014.xls
2014-06-05 11:22 - 2012-12-06 08:57 - 00000000 ____D () C:\Users\user\Documents\WISO Haushaltsbuch
2014-06-04 18:20 - 2008-03-10 11:26 - 00002124 ____H () C:\Users\user\Documents\Default.rdp
2014-06-04 15:54 - 2014-06-04 15:47 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-06-02 15:22 - 2013-11-10 20:57 - 00000000 ____D () C:\Users\user\Desktop\Vermögensübersichten
2014-06-02 10:43 - 2013-03-25 09:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\GLS Vereinsmeister
2014-06-02 10:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-01 22:29 - 2010-03-25 16:36 - 00157696 _____ () C:\Users\user\Desktop\Neu Microsoft Excel-Arbeitsblatt.xls
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-21 09:43 - 2011-11-23 12:14 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-19 10:44 - 2014-03-16 10:54 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForuser.job
2014-05-16 07:34 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-14 15:22 - 2012-04-02 09:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:22 - 2012-04-02 09:19 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 15:22 - 2011-11-23 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:24 - 2014-05-13 09:18 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx
2014-05-13 09:16 - 2009-07-14 04:34 - 00000646 _____ () C:\windows\win.ini
2014-05-12 16:35 - 2013-03-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Profi cash
2014-05-12 12:38 - 2011-11-23 12:14 - 00004102 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 12:38 - 2011-11-23 12:14 - 00003850 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 08:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\sp64126.exe
C:\Users\user\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\user\AppData\Local\Temp\_isF1BD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 09:17

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by user at 2014-06-06 15:22:36
Running from C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSWNZB56
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acronis Backup & Recovery 10 Tray Monitor (HKLM-x32\...\{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10 Upgrade Tool (HKLM-x32\...\{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10* Agent (HKLM-x32\...\{90859A61-C317-48B9-8E31-4B742611FD19}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10*Bootfähige Komponenten und Media Builder (HKLM-x32\...\{FE361859-B039-4E17-96AC-D111183DCF99}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10*Standalone*Management*Console (HKLM-x32\...\{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}) (Version: 10.0.11345 - Acronis)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.4 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.4 - Adobe Systems) Hidden
Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_954) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.98 - Autodesk, Inc.)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Avira Antivirus Premium (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.61 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{8985824A-20E6-499F-97E1-6D20D9ECD869}) (Version: 0.9.24 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9FD050BA-79BD-42A4-9E24-E8E13F1C775F}) (Version:  - Microsoft)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.98.29476 - Hewlett-Packard Company)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Farm Frenzy 3 American Pie (HKLM-x32\...\Farm Frenzy 3 American Pie) (Version:  - )
Farm Frenzy 3 Russisches Roulette (HKLM-x32\...\Farm Frenzy 3 Russisches Roulette) (Version:  - )
Farm Frenzy 4 (HKLM-x32\...\Farm Frenzy 4) (Version:  - )
FarmFrenzy Pizza Party (HKLM-x32\...\FarmFrenzy Pizza Party) (Version:  - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
GLS Vereinsmeister 6.1 (HKLM-x32\...\{2C75A885-9B73-4BC4-BB4E-974CDBB37F3C}_is1) (Version: 6.1 - GLS Software & Systeme)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.29 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.2.969.23408 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
honestech Audio Recorder 2.0 Deluxe (HKLM-x32\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0 - Honest Technology) Hidden
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Automation Agent Preload  (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{801EAD7A-7202-4BE4-84A1-299202AD17C0}) (Version: 2.0.7.1 - Hewlett-Packard Company)
HP GPS and Location (HKLM-x32\...\{225C4860-9D03-49F5-B983-943EB938E0B0}) (Version: 1.0.26.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.06.1004 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.06.1004 - Hewlett-Packard Company) Hidden
HP QuickWeb (HKLM-x32\...\{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}) (Version: 3.0.3.9925 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Juniper Citrix Services Client (HKCU\...\Juniper_Citrix_Services) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Installer Service (HKLM-x32\...\SetupService) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Cache Cleaner 6.5.0 (HKCU\...\Juniper_Networks_Cache_Cleaner 6.5.0) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.2.0.22071 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.22071 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.2.5.26817 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Lotus Notes 8.0.2 de (HKLM-x32\...\{A653AE3D-2B82-46F2-BB14-6AA4EB5EB56C}) (Version: 8.02.8255 - IBM)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (HKLM\...\{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NCH DE Toolbar (HKLM-x32\...\NCH_DE Toolbar) (Version: 6.10.2.5 - NCH DE)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
ORCA AVA (HKLM-x32\...\{8AF681AD-7AB3-4F87-B056-62F056638118}) (Version: 18.00.0010 - ORCA Software GmbH)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{5476AB75-E584-4497-80AF-7F205D8F6F54}) (Version: 6.01.842 - Hewlett-Packard Company)
Profi cash (HKLM-x32\...\Profi cash) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.74.13 - Roxio)
Roxio MyDVD Business 2010 (x32 Version: 1.0.410 - Roxio) Hidden
Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.73.2 - Roxio)
Roxio Secure Burn (x32 Version: 1.8 - Roxio) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
SeeSimilar (HKLM-x32\...\SeeSimilar) (Version: 1.0.0.6 - SeeSimilar.com)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{BFA2D2A7-4FAC-4862-B7A3-960B329C2177}) (Version: 4.3.216.0 - Validity Sensors, Inc.)
ViewCompanion Standard 6.01 (HKLM-x32\...\ViewCompanion Standard_is1) (Version: 6.01.0.0 - Software Companions)
VIP Access SDK (1.0.1.5)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.5 - Symantec Inc.)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.204.39000 - Vodafone)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WISO Haushaltsbuch 2013 (HKLM-x32\...\WISO Haushaltsbuch 2013) (Version:  - Buhl Data Service GmbH)
WISO Haushaltsbuch 2013 (x32 Version: 15.0.0.1 - Buhl Data Service GmbH) Hidden
WISO Mein Geld 2010 Professional (HKLM-x32\...\WISO Mein Geld 2010 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2010 Professional (x32 Version: 11.00.00.0025 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Restore Points  =========================

28-05-2014 12:21:56 Geplanter Prüfpunkt
06-06-2014 09:33:49 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-19 14:09 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15F35C20-E7B6-454C-B323-DF3C9BBDCECF} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {27272250-B58F-4F32-A794-87EF17C9DE40} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {4CC58D82-EBA1-4466-86C4-8816231CE357} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23] (Google Inc.)
Task: {4E1A0603-8305-4365-AE88-3384F11281BF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5F09F09D-97DC-470C-B854-AD0C38DA93E6} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-05-08] (Google)
Task: {6B1C7CBC-9B47-4076-B7E4-81350EA7DF65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7BA78D53-CAF0-4A99-BDE5-D15A48C0D105} - System32\Tasks\NCH Software\SwitchReminder => C:\Program Files (x86)\NCH Software\Switch\Switch.exe [2012-09-27] (NCH Software)
Task: {7C066AA3-9170-473F-BE3A-B8BB92CBB1A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23] (Google Inc.)
Task: {7E98C35A-96FA-4F56-8E58-A62E644760E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8360D29A-7FEA-4CBB-947A-81F8BB8E8EF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {A3C402F1-9D93-4860-9253-52A824E24DED} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C31496B2-DDF1-44AF-A918-EE85016D2FFC} - System32\Tasks\fvw434495 => C:\windows\fvwuac434495.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-08 12:52 - 2012-02-08 12:52 - 01956864 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2010-11-04 11:53 - 2007-02-09 11:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-04-08 04:18 - 2011-04-08 04:18 - 00027648 _____ () C:\windows\System32\sdf2ml6.dll
2011-07-18 16:48 - 2011-07-18 16:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-02-08 13:00 - 2012-02-08 13:00 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-02-08 12:08 - 2012-02-08 12:08 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2012-02-08 12:10 - 2012-02-08 12:10 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-11-21 21:57 - 2013-11-21 21:57 - 00088576 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2012-02-08 12:44 - 2012-02-08 12:44 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-02-12 01:26 - 2011-02-12 01:26 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-02-12 01:26 - 2011-02-12 01:26 - 00024576 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-02-06 22:34 - 2011-02-06 22:34 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-08 19:01 - 2011-06-11 12:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-08 12:40 - 2012-02-08 12:40 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-02-08 12:08 - 2012-02-08 12:08 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-02-08 12:43 - 2012-02-08 12:43 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-02-08 12:41 - 2012-02-08 12:41 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-02-08 12:12 - 2012-02-08 12:12 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-02-08 12:13 - 2012-02-08 12:13 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-02-08 12:39 - 2012-02-08 12:39 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-09-27 14:41 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2009-11-28 01:33 - 2009-11-28 01:33 - 00202896 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2009-11-28 01:33 - 2009-11-28 01:33 - 00282768 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2009-11-28 01:42 - 2009-11-28 01:42 - 00423544 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2012-04-23 17:49 - 2012-04-23 17:49 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-08-29 13:42 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-01-10 09:57 - 2013-01-10 09:57 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aba32239352f1d058c2bd7c55ee256e2\IsdiInterop.ni.dll
2011-09-27 14:36 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk => C:\windows\pss\Google Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^honestech Audio Recorder 2.0 Deluxe Launcher.lnk => C:\windows\pss\honestech Audio Recorder 2.0 Deluxe Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zahlungserinnerung.lnk => C:\windows\pss\Zahlungserinnerung.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IFXSPMGT => "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 02:58:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (06/06/2014 02:58:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 02:58:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:32:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:31:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:00:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:00:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:00:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 01:00:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Beschreibung = Configured Microsoft Office Home and Business 2010; Fehler = 0x8007043c).

Error: (06/06/2014 00:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avshadow.exe, Version: 14.0.4.642, Zeitstempel: 0x536c9660
Name des fehlerhaften Moduls: avshadow.exe, Version: 14.0.4.642, Zeitstempel: 0x536c9660
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000001370e
ID des fehlerhaften Prozesses: 0x2dc
Startzeit der fehlerhaften Anwendung: 0xavshadow.exe0
Pfad der fehlerhaften Anwendung: avshadow.exe1
Pfad des fehlerhaften Moduls: avshadow.exe2
Berichtskennung: avshadow.exe3


System errors:
=============
Error: (06/06/2014 03:13:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" wurde mit folgendem Fehler beendet:
%%193

Error: (06/06/2014 03:12:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}

Error: (06/06/2014 03:12:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/06/2014 03:11:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" wurde mit folgendem Fehler beendet:
%%193

Error: (06/06/2014 03:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/06/2014 03:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/06/2014 03:07:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/06/2014 03:05:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/06/2014 03:05:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/06/2014 03:05:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/06/2014 02:58:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (06/06/2014 02:58:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 02:58:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:32:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:31:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:00:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:00:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:00:20 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 01:00:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (06/06/2014 00:51:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avshadow.exe14.0.4.642536c9660avshadow.exe14.0.4.642536c9660c0000409000000000001370e2dc01cf81754a263e1eC:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe90c71626-ed68-11e3-b08d-028037ec0200


CodeIntegrity Errors:
===================================
  Date: 2014-06-06 15:20:28.183
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:18:42.726
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:18:07.913
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:17:46.178
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:17:42.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:16:56.397
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:15:21.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:13:27.429
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 15:12:41.897
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-06 12:40:31.630
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4070.36 MB
Available physical RAM: 1764.84 MB
Total Pagefile: 8138.91 MB
Available Pagefile: 4937.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.61 GB) (Free:316.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.86 GB) (Free:2.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.12 GB) FAT32
Drive f: (SSU) (CDROM) (Total:0.69 GB) (Free:0.33 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2DFC636B)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-06 15:50:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 465,76GB
Running: Gmer-19357 (1).exe; Driver: C:\Users\user\AppData\Local\Temp\pwdyafow.sys


---- User code sections - GMER 2.1 ----

.text  c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe[2392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000076391465 2 bytes [39, 76]
.text  c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe[2392] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000763914bb 2 bytes [39, 76]
.text  ...                                                                                                                                                                                                    * 2
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                0000000070f811a8 2 bytes [F8, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                          0000000070f813a8 2 bytes [F8, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                              0000000070f81422 2 bytes [F8, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                      0000000070f81498 2 bytes [F8, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                                            0000000070d91b41 2 bytes [D9, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                                            0000000070d91be8 2 bytes [D9, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                                            0000000070d91c20 2 bytes [D9, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                                            0000000070d91cd2 2 bytes [D9, 70]
.text  C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3660] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                                            0000000070d91cf2 2 bytes [D9, 70]
.text  C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                            0000000076391465 2 bytes [39, 76]
.text  C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000763914bb 2 bytes [39, 76]
.text  ...                                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                                                                        00000000774c25fd 6 bytes JMP 0000000161438054
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                                        00000000774d2a63 6 bytes JMP 00000001613d980d
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\kernel32.dll!CreateThread                                                                                              00000000767634b5 5 bytes JMP 00000001613d75e3
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                            00000000765b8a29 5 bytes JMP 00000001614403df
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                            00000000765bd22e 5 bytes JMP 00000001613e3643
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!EnableWindow                                                                                                00000000765c2da4 5 bytes JMP 0000000161419ebc
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                    00000000765dcbf3 5 bytes JMP 0000000161568f36
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!DialogBoxParamW                                                                                            00000000765dcfca 5 bytes JMP 0000000161371893
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!DialogBoxParamA                                                                                            00000000765fcb0c 5 bytes JMP 0000000161568ed1
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                    00000000765fce64 5 bytes JMP 0000000161568f9b
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                        000000007660fbd1 5 bytes JMP 0000000161568e58
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                        000000007660fc9d 5 bytes JMP 0000000161568ddf
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!MessageBoxExA                                                                                              000000007660fcd6 5 bytes JMP 0000000161568d7b
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\USER32.dll!MessageBoxExW                                                                                              000000007660fcfa 5 bytes JMP 0000000161568d17
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\ole32.dll!OleLoadFromStream                                                                                            0000000075d26143 5 bytes JMP 0000000161569704
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\OLEAUT32.dll!SysFreeString                                                                                            0000000076b43e59 5 bytes JMP 00000001615697fc
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\OLEAUT32.dll!VariantClear                                                                                              0000000076b43eae 5 bytes JMP 000000016156987a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                                                                    0000000076b44731 5 bytes JMP 000000016156976e
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType                                                                                        0000000076b45dee 5 bytes JMP 000000016156981a
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                            0000000076ba93ec 5 bytes JMP 0000000161569150
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000076391465 2 bytes [39, 76]
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                  00000000763914bb 2 bytes [39, 76]
.text  ...                                                                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW  00000000720d388e 5 bytes JMP 0000000161569000
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet  0000000072177922 5 bytes JMP 00000001615690a8
.text  C:\Program Files (x86)\Internet Explorer\iexplore.exe[6532] C:\windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                            0000000076282694 5 bytes JMP 0000000161569348
?      C:\windows\system32\mssprxy.dll [6532] entry point in ".rdata" section                                                                                                                                0000000069ae71e6

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf41d5fe7                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf465b52d                                                                                                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                                                                        11439
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                                                      6723
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CCE06AD2-94BF-410A-94CD-6F3D2A4B59DA}@LeaseObtainedTime                                                                            1402061671
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CCE06AD2-94BF-410A-94CD-6F3D2A4B59DA}@T1                                                                                          1402493671
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CCE06AD2-94BF-410A-94CD-6F3D2A4B59DA}@T2                                                                                          1402817671
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CCE06AD2-94BF-410A-94CD-6F3D2A4B59DA}@LeaseTerminatesTime                                                                          1402925671
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf41d5fe7 (not active ControlSet)                                                                                                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf465b52d (not active ControlSet)                                                                                                       

---- EOF - GMER 2.1 ----

deeprybka 06.06.2014 15:33
Hi,
keine sensiblen Logins (paypal, ebay etc.) mehr auf diesem PC bis zum clean, Passwortänderung für selbige von einem sauberen System aus würde ich sehr empfehlen.


:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Drücke auf Scan und poste mir die Fixlog.txt und die FRST.txt

Kannst Du Avira wieder bedienen? Bitte keine Scans durchführen. Dieser Schritt dient nur dazu, dass Du Avira deaktivieren kannst. Das ist für die folgenden Schritte notwendig.

zorin74 06.06.2014 19:45
Hi, hier die Dateien. Avira lässt sich wieder aufrufen !



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by user at 2014-06-06 20:40:35 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
       
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by user (administrator) on SPF-11-20040 on 06-06-2014 20:41:52
Running from C:\FRST
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Freecom) C:\Windows\Temp\Password.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [382816 2009-11-28] (Acronis)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [93240 2011-03-11] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1550280 2009-11-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe [959192 2009-11-28] (Acronis)
HKLM-x32\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [843016 2009-11-28] (Acronis)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [IExplorer Util] => C:\Users\user\AppData\Roaming\ie_util.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}] => C:\Users\user\AppData\Roaming\Bahiqy\ryeto.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [mudtyc] => regsvr32.exe "C:\ProgramData\mudtyc.dat"
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: G - G:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {68bac23b-7e65-11e1-b27c-402cf465b52d} - G:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [IExplorer Util] => C:\Users\Acronis Agent User\AppData\Roaming\ie_util.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}] => C:\Users\Acronis Agent User\AppData\Roaming\Bahiqy\ryeto.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {6b73e069-6382-11e1-8ac7-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (Freecom)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {F626F1A9-F18D-42C8-AF56-918773ACE65A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
BHO: SeeSimilar - {7549CA81-7BB5-41AF-AF7D-4689F5CF8340} - C:\Program Files (x86)\SeeSimilar\ScriptHost64.dll (SeeSimilar.com)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: SeeSimilar - {7549CA81-7BB5-41AF-AF7D-4689F5CF8340} - C:\Program Files (x86)\SeeSimilar\ScriptHost.dll (SeeSimilar.com)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{236D54DF-DBFD-4378-B4D1-E1F3A8E85253}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=11 - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]
FF HKCU\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekmimebcpbncnklfjadbpnjiaffabee [2013-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (appbarioDE 1) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof [2013-10-08]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08]
CHR HKCU\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [hekmimebcpbncnklfjadbpnjiaffabee] - C:\Users\user\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1877848 2009-11-28] (Acronis)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] ()
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [4290896 2009-11-28] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4819968 2011-09-27] (Broadcom Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-12-22] (JMicron Technology Corp.)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 vdfusbwwan; C:\Windows\System32\DRIVERS\vdfusbwwan.sys [768512 2012-04-23] (ZTE Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-04] (Ericsson AB)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 20:38 - 2014-06-06 20:39 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:34 - 2014-06-06 15:35 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:20 - 2014-06-06 20:42 - 00000000 ____D () C:\FRST
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-04 15:47 - 2014-06-04 15:54 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-13 09:18 - 2014-05-13 09:24 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx

==================== One Month Modified Files and Folders =======

2014-06-06 20:42 - 2014-06-06 15:20 - 00000000 ____D () C:\FRST
2014-06-06 20:42 - 2011-11-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-06 20:39 - 2014-06-06 20:38 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 20:22 - 2012-04-02 09:19 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 20:20 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 20:20 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 20:19 - 2011-03-08 19:03 - 00702524 _____ () C:\windows\system32\perfh007.dat
2014-06-06 20:19 - 2011-03-08 19:03 - 00150048 _____ () C:\windows\system32\perfc007.dat
2014-06-06 20:19 - 2009-07-14 07:13 - 01622100 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-06 20:17 - 2012-08-07 08:36 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien
2014-06-06 20:15 - 2013-05-08 08:19 - 00004140 _____ () C:\windows\System32\Tasks\Google Software Updater
2014-06-06 20:15 - 2013-05-08 08:19 - 00001034 _____ () C:\windows\Tasks\Google Software Updater.job
2014-06-06 20:12 - 2011-11-23 12:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 20:11 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-06 20:11 - 2009-07-14 06:51 - 00171357 _____ () C:\windows\setupact.log
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:43 - 2011-11-23 12:14 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:35 - 2014-06-06 15:34 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:09 - 2012-08-07 10:35 - 00000000 ____D () C:\Users\user\Documents\Privat
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-06 12:49 - 2012-09-11 22:26 - 681168329 _____ () C:\windows\MEMORY.DMP
2014-06-06 12:49 - 2012-09-11 22:26 - 00000000 ____D () C:\windows\Minidump
2014-06-06 12:36 - 2012-04-06 11:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-06 12:34 - 2013-08-06 10:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-06-06 12:34 - 2013-08-06 10:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-06-06 12:29 - 2013-05-08 08:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-06 12:26 - 2011-11-23 12:13 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-06 12:24 - 2011-09-27 14:32 - 02667277 _____ () C:\windows\WindowsUpdate.log
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-06 12:23 - 2013-05-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-06 12:23 - 2013-03-14 15:06 - 00000000 ____D () C:\Users\Public\Documents\Profi cash
2014-06-06 12:23 - 2011-11-23 14:59 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-06 12:23 - 2011-11-22 16:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-06-06 12:23 - 2011-11-10 15:17 - 00000000 ____D () C:\Users\user\AppData\Local\Hewlett-Packard
2014-06-06 12:23 - 2011-03-08 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-06 12:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-06-06 12:22 - 2012-08-07 14:36 - 00000000 ____D () C:\Users\user\Documents\Projekte
2014-06-06 12:18 - 2012-03-05 11:01 - 00000000 __RHD () C:\MSOCache
2014-06-06 11:29 - 2013-03-27 15:45 - 00000000 ____D () C:\Users\user\Desktop\Dateien
2014-06-06 10:58 - 2013-11-18 14:42 - 00806912 _____ () C:\Users\user\Desktop\Monatsausgaben 2013-2014.xls
2014-06-05 11:22 - 2012-12-06 08:57 - 00000000 ____D () C:\Users\user\Documents\WISO Haushaltsbuch
2014-06-04 18:20 - 2008-03-10 11:26 - 00002124 ____H () C:\Users\user\Documents\Default.rdp
2014-06-04 15:54 - 2014-06-04 15:47 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-06-02 15:22 - 2013-11-10 20:57 - 00000000 ____D () C:\Users\user\Desktop\Vermögensübersichten
2014-06-02 10:43 - 2013-03-25 09:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\GLS Vereinsmeister
2014-06-02 10:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-01 22:29 - 2010-03-25 16:36 - 00157696 _____ () C:\Users\user\Desktop\Neu Microsoft Excel-Arbeitsblatt.xls
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-19 10:44 - 2014-03-16 10:54 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForuser.job
2014-05-16 07:34 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-14 15:22 - 2012-04-02 09:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:22 - 2012-04-02 09:19 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 15:22 - 2011-11-23 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:24 - 2014-05-13 09:18 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx
2014-05-13 09:16 - 2009-07-14 04:34 - 00000646 _____ () C:\windows\win.ini
2014-05-12 16:35 - 2013-03-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Profi cash
2014-05-12 12:38 - 2011-11-23 12:14 - 00004102 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 12:38 - 2011-11-23 12:14 - 00003850 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 08:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\sp64126.exe
C:\Users\user\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\user\AppData\Local\Temp\_isF1BD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-03 09:17

==================== End Of Log ============================
--- --- ---

deeprybka 06.06.2014 19:50
OK, dann so weiter...

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

zorin74 06.06.2014 20:12
wie bekomme ich avira komplett abgeschaltet ?

deeprybka 06.06.2014 20:17
Liste der Anhänge anzeigen (Anzahl: 1)
ICH persönlich würde ihn sowieso deinstallieren und gegen was anderes eintauschen, aber darum geht es hier nicht. ;)

Siehe Bild. Echtzeitscanner ausmachen.

zorin74 07.06.2014 02:14
Code:
ComboFix 14-06-04.01 - user 06.06.2014  21:21:59.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4070.1517 [GMT 2:00]
ausgeführt von:: C:\Users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\END
C:\Thumbs.db
C:\Users\user\AppData\Roaming\Bahiqy\ryeto.exe
C:\Users\user\AppData\Roaming\SearchProtect
C:\Users\user\videos\AUTORUN.EXE
C:\windows\pkunzip.pif
C:\windows\pkzip.pif


(((((((((((((((((((((((  Dateien erstellt von 2014-05-06 bis 2014-06-06  ))))))))))))))))))))))))))))))


2014-06-06 19:40:54 . 2014-06-06 19:40:54        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2014-06-06 19:40:54 . 2014-06-06 19:40:54        --------        d-----w-        C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 13:20:42 . 2014-06-06 18:42:40        --------        d-----w-        C:\FRST
2014-06-06 10:29:28 . 2014-04-23 09:50:10        1031560        ----a-w-        C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D704735-B36A-4697-BEF4-8F88CAA42669}\gapaengine.dll
2014-06-06 10:28:56 . 2014-05-19 23:18:14        10702536        ----a-w-        C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5B62FFF-9D3B-4988-B97A-31A495F5022D}\mpengine.dll
2014-06-06 10:24:40 . 2014-04-17 03:31:46        10651704        ----a-w-        C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-04 13:47:53 . 2014-06-04 13:54:08        --------        d-----w-        C:\Users\user\AppData\Local\Adobe
2014-05-20 10:06:39 . 2014-05-20 10:06:39        --------        d-----w-        C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 09:24:28 . 2014-05-20 09:24:28        --------        d-----w-        C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-20 09:24:16 . 2014-06-06 10:23:11        --------        d-----w-        C:\ProgramData\Electronic Arts
2014-05-20 09:24:16 . 2014-06-06 10:23:11        --------        d-----w-        C:\Program Files (x86)\Electronic Arts
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-06-06 10:34:02 . 2013-08-06 08:49:48        130584        ----a-w-        C:\windows\system32\drivers\avipbb.sys
2014-06-06 10:34:01 . 2013-08-06 08:49:48        112080        ----a-w-        C:\windows\system32\drivers\avgntflt.sys
2014-05-14 13:22:51 . 2012-04-02 07:19:32        692400        ----a-w-        C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 13:22:51 . 2011-11-23 12:59:41        70832        ----a-w-        C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-23 09:50:10 . 2013-10-21 03:29:15        1031560        ----a-w-        C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 07:35:08 . 2011-11-10 13:31:19        270496        ------w-        C:\windows\system32\MpSigStub.exe

deeprybka 07.06.2014 08:26
Ok, aber ist das Log vollständig? ;)

Schritt 1
http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 3
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut und drücke auf Scan. Log bitte posten.

zorin74 07.06.2014 19:10
Hallo und erst mal danke.

Das log war Komplett. Ich hatte nach der Anwendung von Comobfix 123 Windows updates laufen. Aktuell wird noch eine Fehlermeldung zur RegSvr32 angezeigt, dass es Probleme mit einer binären Datei Gäbe.

Deine restlichen Anweisungen gehe ich gerade durch. Melde mich sobald ich fertig bin.

Gruß

Zorin

deeprybka 07.06.2014 19:12
Ok :)

zorin74 07.06.2014 19:19
Hier schon mal die Datei zu Schritt 1:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.06.2014
Suchlauf-Zeit: 19:53:27
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.07.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 320407
Verstrichene Zeit: 19 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 20
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FA593AC-4E65-4005-9A86-084D5127784A}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0FA593AC-4E65-4005-9A86-084D5127784A}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{53F69EA0-3FD6-4874-BFEC-14449BFCA2AD}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{53F69EA0-3FD6-4874-BFEC-14449BFCA2AD}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\SeeSimilar.Tool.1, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\SeeSimilar.Tool, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SeeSimilar.Tool, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SeeSimilar.Tool.1, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\SeeSimilar.ScriptHostObject.1, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\SeeSimilar.ScriptHostObject, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SeeSimilar.ScriptHostObject, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SeeSimilar.ScriptHostObject.1, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\CLSID\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, Löschen bei Neustart, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}, Löschen bei Neustart, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, HKLM\SOFTWARE\CLASSES\CLSID\{7549CA81-7BB5-41AF-AF7D-4689F5CF8340}\INPROCSERVER32, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [b9f989ea1c5f33037a936c3c8c76ba46],

Registrierungswerte: 4
Trojan.ZbotR.Gen, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}, C:\Users\user\AppData\Roaming\Bahiqy\ryeto.exe, Löschen bei Neustart, [04aea1d2de9d8da97100dfaaaf54fc04]
Trojan.Agent.RNSGen, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mudtyc, regsvr32.exe "C:\ProgramData\mudtyc.dat", Löschen bei Neustart, [09a9c0b306751a1cdf2d4f8eb35001ff]
Trojan.Agent.IET, HKU\S-1-5-21-1526961270-1597272826-2573395482-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IExplorer Util, C:\Users\Acronis Agent User\AppData\Roaming\ie_util.exe, In Quarantäne, [5e5479fab9c2b680d5f6c6e854afce32]
Trojan.ZbotR.Gen, HKU\S-1-5-21-1526961270-1597272826-2573395482-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{BECEF8D4-BC6E-AD40-3E16-8C4101D5AF5C}, C:\Users\Acronis Agent User\AppData\Roaming\Bahiqy\ryeto.exe, In Quarantäne, [179bb2c1314a5cda2e431475ca390af6]

Registrierungsdaten: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[ebc723505d1ec86e633836323aca17e9]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[03afa1d297e4fd39f2aae5836d9712ee]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Gut: (0), Schlecht: (1),Ersetzt,[981a046f24573cfa405dc8a0e22223dd]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1526961270-1597272826-2573395482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Löschen bei Neustart,[f1c191e22457a29468b0b4b648bc52ae]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1526961270-1597272826-2573395482-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Gut: (1), Schlecht: (0),Ersetzt,[199983f03d3e4de9d147254529dbad53]

Ordner: 1
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, In Quarantäne, [c6ecd3a0c4b7ec4a10378d1cee1531cf],

Dateien: 8
PUP.Optional.BestToolBars.A, C:\Program Files (x86)\SeeSimilar\ScriptHost64.dll, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.BestToolBars.A, C:\Program Files (x86)\SeeSimilar\ScriptHost.dll, In Quarantäne, [bef462111764ac8a15d9c5b5df22669a],
PUP.Optional.Softonic.A, C:\Users\user\Downloads\SoftonicDownloader_fuer_microsoft-security-essentials.exe, In Quarantäne, [f6bce68dc3b872c480e6ac76c43df709],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage, In Quarantäne, [f5bd7bf8b6c5f73f48ecbae6dc26bd43],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal, In Quarantäne, [e3cf79fac6b58aacff350898976b6898],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, In Quarantäne, [3082aec5d6a5ef47b3ca6a3743bf9769],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, In Quarantäne, [04ae88ebe49736009de0227fab57ce32],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [c6ecd3a0c4b7ec4a10378d1cee1531cf],

Physische Sektoren: 0
(No malicious items detected)


(end)

zorin74 09.06.2014 08:59
hier die Datei zu Schritt 2:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=c3ae468765b89c4d8929baf064f2d770
# engine=18618
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-08 10:20:24
# local_time=2014-06-09 12:20:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 43575740 0 0
# scanned=318898
# found=22
# cleaned=0
# scan_time=24516
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Conduit\CT3312329\plugins\TBVerifier.dll"
sh=F48266A97BDB7F58C5B54469B2245CACD46577D0 ft=1 fh=c4efab275ed5eda7 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH_DE\ldrtbNCH_.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH_DE\NCH_DEToolbarHelper.exe"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll"
sh=2FA3B0E186C3448F5E1CCCCD64B269B9B42454BD ft=1 fh=ca7d86d7cc20a5fb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH_DE\tbNCH_.dll"
sh=AA21EC9BD2E838AAF12944ABEBF05DFA5FF75C6B ft=1 fh=2e965d835b95ba27 vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\AddonsFramework.Typelib.dll"
sh=A32FD060157B981F48D37528893E4F0B0B2E4528 ft=1 fh=a21ef2f4be91eb09 vn="Variante von Win64/Toolbar.Besttoolbars.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\AddonsFramework.Typelib64.dll"
sh=7A6A73A5815DC43101554B35DDF7187B8AC7946E ft=1 fh=32cac9a6725740a5 vn="Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\BackgroundHost.exe"
sh=D95686555F01D6CEBB66F3ACCD2C84EA1DB0A386 ft=1 fh=43fde5d741b77935 vn="Win64/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\BackgroundHost64.exe"
sh=0935B2B288CD99D2DC722AEB9E9155C6D69BE44F ft=1 fh=d4e09134b6feca95 vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\ButtonSite.dll"
sh=1C51C2EEC494206A690B3CE9D30D4CF09A16E67E ft=1 fh=aeca89965702f0bd vn="Variante von Win32/Toolbar.Besttoolbars.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SeeSimilar\ButtonSite64.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Conduit\CT2801937\NCH_DEAutoUpdateHelper.exe"
sh=DD0C121876D854BC53D3A2AFB441C1170BE723E7 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx"
sh=6AFAEEC56C44C74542369A58D1E2F57B508F0E0D ft=1 fh=b223f168b5e1d79a vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\10.20.1.8_0\plugins\ConduitChromeApiPlugin.dll"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\10.20.1.8_0\plugins\TBVerifier.dll"
sh=693584092F8B0CFE16BF29602DDCB12BFADB2EFA ft=1 fh=ca5e11cf0957c1ea vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\10.21.1.507_0\plugins\ConduitChromeApiPlugin.dll"
sh=738A06CFA5916F0E65BE9B34269464112F13F64D ft=1 fh=02170ed71572fbfe vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\10.21.1.507_0\plugins\TBVerifier.dll"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\LocalLow\NCH_DE\ldrtbNCH_.dll"
sh=2FA3B0E186C3448F5E1CCCCD64B269B9B42454BD ft=1 fh=ca7d86d7cc20a5fb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\user\AppData\LocalLow\NCH_DE\tbNCH_.dll"
sh=851222C159461E45A3B88902C1BCD2CEAF59C4B0 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2013-2465.IH Trojaner" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4b9a8d95-36b7cbf6"
... und hier noch die 3. Datei !


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014
Ran by user (administrator) on SPF-11-20040 on 09-06-2014 09:56:16
Running from C:\FRST\FRST-OlderVersion
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [382816 2009-11-28] (Acronis)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [93240 2011-03-11] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1550280 2009-11-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe [959192 2009-11-28] (Acronis)
HKLM-x32\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [843016 2009-11-28] (Acronis)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {6b73e069-6382-11e1-8ac7-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {F626F1A9-F18D-42C8-AF56-918773ACE65A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{236D54DF-DBFD-4378-B4D1-E1F3A8E85253}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=11 - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]
FF HKCU\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekmimebcpbncnklfjadbpnjiaffabee [2013-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (appbarioDE 1) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof [2013-10-08]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08]
CHR HKCU\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [hekmimebcpbncnklfjadbpnjiaffabee] - C:\Users\user\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1877848 2009-11-28] (Acronis)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-06] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-11-22] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [4290896 2009-11-28] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-12-29] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-04-23] (Vodafone) [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4819968 2011-09-27] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-12-22] (JMicron Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 vdfusbwwan; C:\Windows\System32\DRIVERS\vdfusbwwan.sys [768512 2012-04-23] (ZTE Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-04] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-08 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-08 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-08 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-07 19:52 - 2014-06-09 09:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-07 19:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-07 19:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:24 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-06-07 04:24 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-06-07 04:10 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 04:00 - 2014-06-07 04:10 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 03:24 - 2014-06-07 03:26 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-06-06 22:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-06-06 22:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-06 22:52 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-06 22:52 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-06 22:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-06 22:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-06 22:52 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-06 22:52 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-06 22:52 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-06-06 22:52 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-06 22:52 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-06 22:52 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-06-06 22:52 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-06 22:52 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-06-06 22:52 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-06 22:51 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-06 22:51 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-06 22:51 - 2014-01-01 01:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-06-06 22:51 - 2014-01-01 01:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-06-06 22:51 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-06 22:51 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-06 22:51 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-06-06 22:51 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-06-06 22:50 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-06-06 22:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-06 22:50 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-06-06 22:50 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-06-06 22:50 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-06 22:50 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-06 22:50 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-06 22:50 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-06 22:50 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-06 22:50 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-06 22:49 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-06 22:49 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-06 22:49 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-06 22:49 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-06 22:49 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2014-06-06 22:49 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-06 22:49 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-06-06 22:49 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2014-06-06 22:49 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-06 22:49 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-06-06 22:49 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-06 22:49 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-06-06 22:49 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-06 22:49 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-06-06 22:49 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-06-06 22:49 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-06-06 22:49 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-06 22:49 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-06 22:49 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-06 22:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-06-06 22:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-06-06 22:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-06-06 22:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-06-06 22:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-06-06 22:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-06-06 22:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-06 22:48 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-06-06 22:48 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2014-06-06 22:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-06 22:48 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-06 22:48 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-06 22:48 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2014-06-06 22:48 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-06 22:48 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-06 22:48 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-06 22:48 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-06-06 22:48 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-06 22:48 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-06-06 22:48 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-06 22:48 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-06-06 22:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-06-06 22:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-06-06 22:47 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-06 22:47 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-06 22:47 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-06-06 22:47 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-06 22:47 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-06 22:47 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-06 22:47 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-06-06 22:47 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-06-06 22:47 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-06-06 22:47 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-06-06 22:47 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-06 22:47 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-06-06 22:46 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-06-06 22:46 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-06-06 22:46 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-06-06 22:46 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-06-06 22:46 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-06-06 22:46 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-06 22:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-06 22:46 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-06 22:46 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-06 22:46 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-06 22:46 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-06 22:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-06-06 22:46 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-06-06 22:46 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-06 22:46 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-06 22:46 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-06 22:46 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-06-06 22:46 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-06 22:21 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-06 22:21 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-06 22:21 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-06 22:21 - 2013-08-01 11:19 - 00984512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-06 22:21 - 2013-08-01 11:19 - 00265152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-06-06 22:20 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-06 22:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-06 22:20 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-06 22:20 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-06-06 22:20 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-06 22:20 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 22:14 - 00000000 ____D () C:\ComboFix
2014-06-06 21:19 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-06 21:19 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-06 21:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-06 21:09 - 2014-06-06 21:19 - 00000000 ____D () C:\Qoobox
2014-06-06 21:08 - 2014-06-06 21:42 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:07 - 2014-06-06 20:59 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:56 - 2014-06-06 20:59 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:38 - 2014-06-06 20:39 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:34 - 2014-06-06 15:35 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:20 - 2014-06-09 09:56 - 00000000 ____D () C:\FRST
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-04 15:47 - 2014-06-04 15:54 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-13 09:18 - 2014-05-13 09:24 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx

==================== One Month Modified Files and Folders =======

2014-06-09 09:56 - 2014-06-06 15:20 - 00000000 ____D () C:\FRST
2014-06-09 09:56 - 2011-11-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-09 09:48 - 2011-09-27 14:32 - 01499225 _____ () C:\windows\WindowsUpdate.log
2014-06-09 09:47 - 2014-06-07 19:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 09:47 - 2011-11-23 12:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 09:43 - 2011-11-23 12:14 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 09:22 - 2012-04-02 09:19 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 03:57 - 2011-11-10 22:10 - 00000000 ____D () C:\windows\rescache
2014-06-09 03:29 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 03:29 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 03:24 - 2013-05-08 08:19 - 00004140 _____ () C:\windows\System32\Tasks\Google Software Updater
2014-06-09 03:24 - 2013-05-08 08:19 - 00001034 _____ () C:\windows\Tasks\Google Software Updater.job
2014-06-09 03:20 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-09 03:19 - 2011-09-27 15:05 - 00436452 _____ () C:\windows\PFRO.log
2014-06-09 03:19 - 2009-07-14 06:51 - 00171693 _____ () C:\windows\setupact.log
2014-06-09 01:17 - 2013-10-08 13:08 - 00000000 ____D () C:\Program Files (x86)\SeeSimilar
2014-06-08 20:40 - 2011-11-23 12:13 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-08 17:51 - 2013-11-18 14:42 - 00807424 _____ () C:\Users\user\Desktop\Monatsausgaben 2013-2014.xls
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 17:15 - 2012-08-07 08:36 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien
2014-06-08 03:23 - 2014-03-16 10:54 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForuser.job
2014-06-08 03:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-08 03:03 - 2011-03-08 19:03 - 00705108 _____ () C:\windows\system32\perfh007.dat
2014-06-08 03:03 - 2011-03-08 19:03 - 00151476 _____ () C:\windows\system32\perfc007.dat
2014-06-08 03:03 - 2011-03-08 18:27 - 01607396 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-08 03:02 - 2009-07-14 07:13 - 01607396 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\Virtual Machines
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-07 19:39 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-07 19:39 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-07 19:38 - 2011-11-17 13:23 - 00001425 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-07 19:35 - 2009-07-14 06:45 - 00482936 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-07 04:30 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-07 04:29 - 2009-07-27 16:36 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-07 04:25 - 2011-11-21 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-07 04:10 - 2014-06-07 04:00 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 03:56 - 2012-08-07 13:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 03:56 - 2012-08-07 13:21 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 03:48 - 2013-10-08 13:18 - 00002057 _____ () C:\windows\epplauncher.mif
2014-06-07 03:47 - 2009-07-14 04:34 - 00000646 _____ () C:\windows\win.ini
2014-06-07 03:32 - 2013-10-08 13:18 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-07 03:26 - 2014-06-07 03:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:06 - 2012-05-18 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:14 - 2014-06-06 21:19 - 00000000 ____D () C:\ComboFix
2014-06-06 21:58 - 2011-11-10 15:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\hpqLog
2014-06-06 21:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-06-06 21:42 - 2014-06-06 21:08 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 21:09 - 00000000 ____D () C:\Qoobox
2014-06-06 20:59 - 2014-06-06 21:07 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:59 - 2014-06-06 20:56 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:39 - 2014-06-06 20:38 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:35 - 2014-06-06 15:34 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:09 - 2012-08-07 10:35 - 00000000 ____D () C:\Users\user\Documents\Privat
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-06 12:49 - 2012-09-11 22:26 - 681168329 _____ () C:\windows\MEMORY.DMP
2014-06-06 12:49 - 2012-09-11 22:26 - 00000000 ____D () C:\windows\Minidump
2014-06-06 12:36 - 2012-04-06 11:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-06 12:34 - 2013-08-06 10:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-06-06 12:34 - 2013-08-06 10:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-06-06 12:29 - 2013-05-08 08:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-06 12:23 - 2013-05-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-06 12:23 - 2013-03-14 15:06 - 00000000 ____D () C:\Users\Public\Documents\Profi cash
2014-06-06 12:23 - 2011-11-23 14:59 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-06 12:23 - 2011-11-22 16:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-06-06 12:23 - 2011-11-10 15:17 - 00000000 ____D () C:\Users\user\AppData\Local\Hewlett-Packard
2014-06-06 12:23 - 2011-03-08 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-06 12:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-06-06 12:22 - 2012-08-07 14:36 - 00000000 ____D () C:\Users\user\Documents\Projekte
2014-06-06 12:18 - 2012-03-05 11:01 - 00000000 ___RD () C:\MSOCache
2014-06-06 11:29 - 2013-03-27 15:45 - 00000000 ____D () C:\Users\user\Desktop\Dateien
2014-06-05 11:22 - 2012-12-06 08:57 - 00000000 ____D () C:\Users\user\Documents\WISO Haushaltsbuch
2014-06-04 18:20 - 2008-03-10 11:26 - 00002124 ____H () C:\Users\user\Documents\Default.rdp
2014-06-04 15:54 - 2014-06-04 15:47 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-06-02 15:22 - 2013-11-10 20:57 - 00000000 ____D () C:\Users\user\Desktop\Vermögensübersichten
2014-06-02 10:43 - 2013-03-25 09:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\GLS Vereinsmeister
2014-06-02 10:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-01 22:29 - 2010-03-25 16:36 - 00157696 _____ () C:\Users\user\Desktop\Neu Microsoft Excel-Arbeitsblatt.xls
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-16 07:34 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-14 15:22 - 2012-04-02 09:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:22 - 2012-04-02 09:19 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 15:22 - 2011-11-23 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:24 - 2014-05-13 09:18 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx
2014-05-12 16:35 - 2013-03-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Profi cash
2014-05-12 12:38 - 2011-11-23 12:14 - 00004102 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 12:38 - 2011-11-23 12:14 - 00003850 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 07:26 - 2014-06-07 19:51 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-07 19:51 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 19:51 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:50

==================== End Of Log ============================
--- --- ---

--- --- ---

deeprybka 09.06.2014 11:21
Ok... :daumenhoc

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
CHR HKLM-x32\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {F626F1A9-F18D-42C8-AF56-918773ACE65A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} -
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (No File)
C:\Users\user\AppData\LocalLow\NCH_DE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\
C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx
C:\Users\user\AppData\Local\Conduit
C:\Program Files (x86)\SeeSimilar
C:\Program Files (x86)\NCH_DE
C:\Program Files (x86)\NCH Software
C:\Program Files (x86)\Conduit
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
Code:
Running from C:\FRST\FRST-OlderVersion
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Schritt 2

Deine Version von Java
Code:
Java(TM) 6 Update 31
bitte deinstallieren.
Java-Update: http://deeprybka.trojaner-board.de/b...clean/java.pngDownload

Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Bitte poste mir die beiden Logs.

zorin74 10.06.2014 07:14
hier die Fixlog.txt


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Ran by user at 2014-06-10 07:52:50 Run:2
Running from C:\FRST\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
CHR HKLM-x32\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-09-29]
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {F626F1A9-F18D-42C8-AF56-918773ACE65A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} -
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (No File)
C:\Users\user\AppData\LocalLow\NCH_DE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof\
C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx
C:\Users\user\AppData\Local\Conduit
C:\Program Files (x86)\SeeSimilar
C:\Program Files (x86)\NCH_DE
C:\Program Files (x86)\NCH Software
C:\Program Files (x86)\Conduit
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} => value deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pickdmmkcajdddggmoaommkkoafandof' => Key deleted successfully.
C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.
'HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F626F1A9-F18D-42C8-AF56-918773ACE65A}' => Key deleted successfully.
'HKCR\CLSID\{F626F1A9-F18D-42C8-AF56-918773ACE65A}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b106b661-3e1b-4015-af5c-195e909f35c6} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}'=> Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk => Moved successfully.
C:\Windows\Temp\Password.exe not found.
C:\Users\user\AppData\LocalLow\NCH_DE => Moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pickdmmkcajdddggmoaommkkoafandof => Moved successfully.
"C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx" => File/Directory not found.
C:\Users\user\AppData\Local\Conduit => Moved successfully.
C:\Program Files (x86)\SeeSimilar => Moved successfully.
C:\Program Files (x86)\NCH_DE => Moved successfully.
C:\Program Files (x86)\NCH Software => Moved successfully.
C:\Program Files (x86)\Conduit => Moved successfully.

==== End of Fixlog ====
hier die frst.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by user (administrator) on SPF-11-20040 on 10-06-2014 08:08:08
Running from C:\FRST\FRST-OlderVersion
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [382816 2009-11-28] (Acronis)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [93240 2011-03-11] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1550280 2009-11-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe [959192 2009-11-28] (Acronis)
HKLM-x32\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [843016 2009-11-28] (Acronis)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {6b73e069-6382-11e1-8ac7-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{236D54DF-DBFD-4378-B4D1-E1F3A8E85253}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=11 - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]
FF HKCU\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekmimebcpbncnklfjadbpnjiaffabee [2013-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08]
CHR HKCU\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-05-08]
CHR HKLM-x32\...\Chrome\Extension: [hekmimebcpbncnklfjadbpnjiaffabee] - C:\Users\user\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1877848 2009-11-28] (Acronis)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-06] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-11-22] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [4290896 2009-11-28] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-12-29] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-04-23] (Vodafone) [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4819968 2011-09-27] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-12-22] (JMicron Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
R3 vdfusbwwan; C:\Windows\System32\DRIVERS\vdfusbwwan.sys [768512 2012-04-23] (ZTE Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-04] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 08:02 - 2014-06-10 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 08:02 - 2014-06-10 08:01 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-10 08:01 - 2014-06-10 08:01 - 00000000 ____D () C:\Program Files\Java
2014-06-10 08:00 - 2014-06-10 08:01 - 30984104 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u60-windows-x64.com
2014-06-10 07:59 - 2014-06-10 07:59 - 00000000 ____D () C:\windows\system32\appmgmt
2014-06-09 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-08 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-08 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-08 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-07 19:52 - 2014-06-10 07:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-07 19:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-07 19:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:24 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-06-07 04:24 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-06-07 04:10 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 04:00 - 2014-06-07 04:10 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 03:24 - 2014-06-07 03:26 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-06-06 22:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-06-06 22:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-06 22:52 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-06 22:52 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-06 22:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-06 22:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-06 22:52 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-06 22:52 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-06 22:52 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-06-06 22:52 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-06 22:52 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-06 22:52 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-06-06 22:52 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-06 22:52 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-06-06 22:52 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-06 22:51 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-06 22:51 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-06 22:51 - 2014-01-01 01:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-06-06 22:51 - 2014-01-01 01:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-06-06 22:51 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-06 22:51 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-06 22:51 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-06-06 22:51 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-06-06 22:50 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-06-06 22:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-06 22:50 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-06-06 22:50 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-06-06 22:50 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-06 22:50 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-06 22:50 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-06 22:50 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-06 22:50 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-06 22:50 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-06 22:49 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-06 22:49 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-06 22:49 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-06 22:49 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-06 22:49 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2014-06-06 22:49 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-06 22:49 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-06-06 22:49 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2014-06-06 22:49 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-06 22:49 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-06-06 22:49 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-06 22:49 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-06-06 22:49 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-06 22:49 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-06-06 22:49 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-06-06 22:49 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-06-06 22:49 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-06 22:49 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-06 22:49 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-06 22:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-06-06 22:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-06-06 22:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-06-06 22:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-06-06 22:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-06-06 22:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-06-06 22:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-06 22:48 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-06-06 22:48 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2014-06-06 22:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-06 22:48 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-06 22:48 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-06 22:48 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2014-06-06 22:48 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-06 22:48 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-06 22:48 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-06 22:48 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-06-06 22:48 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-06 22:48 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-06-06 22:48 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-06 22:48 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-06-06 22:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-06-06 22:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-06-06 22:47 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-06 22:47 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-06 22:47 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-06-06 22:47 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-06 22:47 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-06 22:47 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-06 22:47 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-06-06 22:47 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-06-06 22:47 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-06-06 22:47 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-06-06 22:47 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-06 22:47 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-06-06 22:46 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-06-06 22:46 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-06-06 22:46 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-06-06 22:46 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-06-06 22:46 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-06-06 22:46 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-06 22:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-06 22:46 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-06 22:46 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-06 22:46 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-06 22:46 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-06 22:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-06-06 22:46 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-06-06 22:46 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-06 22:46 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-06 22:46 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-06 22:46 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-06-06 22:46 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-06 22:21 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-06 22:21 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-06 22:21 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-06 22:21 - 2013-08-01 11:19 - 00984512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-06 22:21 - 2013-08-01 11:19 - 00265152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-06-06 22:20 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-06 22:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-06 22:20 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-06 22:20 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-06-06 22:20 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-06 22:20 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 22:14 - 00000000 ____D () C:\ComboFix
2014-06-06 21:19 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-06 21:19 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-06 21:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-06 21:09 - 2014-06-06 21:19 - 00000000 ____D () C:\Qoobox
2014-06-06 21:08 - 2014-06-06 21:42 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:07 - 2014-06-06 20:59 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:56 - 2014-06-06 20:59 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:38 - 2014-06-06 20:39 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:34 - 2014-06-06 15:35 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:20 - 2014-06-10 08:08 - 00000000 ____D () C:\FRST
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-04 15:47 - 2014-06-04 15:54 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-13 09:18 - 2014-05-13 09:24 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx

==================== One Month Modified Files and Folders =======

2014-06-10 08:09 - 2011-11-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-10 08:08 - 2014-06-06 15:20 - 00000000 ____D () C:\FRST
2014-06-10 08:02 - 2014-06-10 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 08:01 - 2014-06-10 08:02 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-10 08:01 - 2014-06-10 08:01 - 00000000 ____D () C:\Program Files\Java
2014-06-10 08:01 - 2014-06-10 08:00 - 30984104 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u60-windows-x64.com
2014-06-10 07:59 - 2014-06-10 07:59 - 00000000 ____D () C:\windows\system32\appmgmt
2014-06-10 07:55 - 2011-09-27 14:32 - 01561328 _____ () C:\windows\WindowsUpdate.log
2014-06-10 07:54 - 2014-06-07 19:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 07:52 - 2013-10-08 13:09 - 00000000 ____D () C:\Users\user\AppData\Local\CRE
2014-06-10 07:52 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 07:43 - 2011-11-23 12:14 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 07:41 - 2012-08-07 08:36 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien
2014-06-10 07:35 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:35 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:32 - 2013-05-08 08:19 - 00004140 _____ () C:\windows\System32\Tasks\Google Software Updater
2014-06-10 07:32 - 2013-05-08 08:19 - 00001034 _____ () C:\windows\Tasks\Google Software Updater.job
2014-06-10 07:32 - 2011-03-08 19:03 - 00705108 _____ () C:\windows\system32\perfh007.dat
2014-06-10 07:32 - 2011-03-08 19:03 - 00151476 _____ () C:\windows\system32\perfc007.dat
2014-06-10 07:32 - 2009-07-14 07:13 - 01629372 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-10 07:30 - 2011-11-23 12:13 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-10 07:25 - 2012-04-02 09:19 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 07:25 - 2011-11-23 12:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 07:25 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-10 07:25 - 2009-07-14 06:51 - 00171861 _____ () C:\windows\setupact.log
2014-06-09 10:02 - 2011-09-27 15:05 - 00437270 _____ () C:\windows\PFRO.log
2014-06-09 10:01 - 2013-11-18 14:42 - 00807424 _____ () C:\Users\user\Desktop\Monatsausgaben 2013-2014.xls
2014-06-09 03:57 - 2011-11-10 22:10 - 00000000 ____D () C:\windows\rescache
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 03:23 - 2014-03-16 10:54 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForuser.job
2014-06-08 03:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-08 03:03 - 2011-03-08 18:27 - 01607396 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\Virtual Machines
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-07 19:39 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-07 19:39 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-07 19:38 - 2011-11-17 13:23 - 00001425 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-07 19:35 - 2009-07-14 06:45 - 00482936 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-07 04:30 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-07 04:29 - 2009-07-27 16:36 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-07 04:25 - 2011-11-21 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-07 04:10 - 2014-06-07 04:00 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 03:56 - 2012-08-07 13:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 03:56 - 2012-08-07 13:21 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 03:48 - 2013-10-08 13:18 - 00002057 _____ () C:\windows\epplauncher.mif
2014-06-07 03:47 - 2009-07-14 04:34 - 00000646 _____ () C:\windows\win.ini
2014-06-07 03:32 - 2013-10-08 13:18 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-07 03:26 - 2014-06-07 03:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:06 - 2012-05-18 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:14 - 2014-06-06 21:19 - 00000000 ____D () C:\ComboFix
2014-06-06 21:58 - 2011-11-10 15:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\hpqLog
2014-06-06 21:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-06-06 21:42 - 2014-06-06 21:08 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 21:09 - 00000000 ____D () C:\Qoobox
2014-06-06 20:59 - 2014-06-06 21:07 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:59 - 2014-06-06 20:56 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:39 - 2014-06-06 20:38 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:35 - 2014-06-06 15:34 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:09 - 2012-08-07 10:35 - 00000000 ____D () C:\Users\user\Documents\Privat
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-06 12:49 - 2012-09-11 22:26 - 681168329 _____ () C:\windows\MEMORY.DMP
2014-06-06 12:49 - 2012-09-11 22:26 - 00000000 ____D () C:\windows\Minidump
2014-06-06 12:36 - 2012-04-06 11:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-06 12:34 - 2013-08-06 10:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-06-06 12:34 - 2013-08-06 10:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-06-06 12:29 - 2013-05-08 08:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-06 12:23 - 2013-05-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-06 12:23 - 2013-03-14 15:06 - 00000000 ____D () C:\Users\Public\Documents\Profi cash
2014-06-06 12:23 - 2011-11-23 14:59 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-06 12:23 - 2011-11-22 16:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-06-06 12:23 - 2011-11-10 15:17 - 00000000 ____D () C:\Users\user\AppData\Local\Hewlett-Packard
2014-06-06 12:23 - 2011-03-08 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-06 12:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-06-06 12:22 - 2012-08-07 14:36 - 00000000 ____D () C:\Users\user\Documents\Projekte
2014-06-06 12:18 - 2012-03-05 11:01 - 00000000 ___RD () C:\MSOCache
2014-06-06 11:29 - 2013-03-27 15:45 - 00000000 ____D () C:\Users\user\Desktop\Dateien
2014-06-05 11:22 - 2012-12-06 08:57 - 00000000 ____D () C:\Users\user\Documents\WISO Haushaltsbuch
2014-06-04 18:20 - 2008-03-10 11:26 - 00002124 ____H () C:\Users\user\Documents\Default.rdp
2014-06-04 15:54 - 2014-06-04 15:47 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-06-02 15:22 - 2013-11-10 20:57 - 00000000 ____D () C:\Users\user\Desktop\Vermögensübersichten
2014-06-02 10:43 - 2013-03-25 09:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\GLS Vereinsmeister
2014-06-02 10:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-01 22:29 - 2010-03-25 16:36 - 00157696 _____ () C:\Users\user\Desktop\Neu Microsoft Excel-Arbeitsblatt.xls
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-16 07:34 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-14 15:22 - 2012-04-02 09:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:22 - 2012-04-02 09:19 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 15:22 - 2011-11-23 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:24 - 2014-05-13 09:18 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx
2014-05-12 16:35 - 2013-03-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Profi cash
2014-05-12 12:38 - 2011-11-23 12:14 - 00004102 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 12:38 - 2011-11-23 12:14 - 00003850 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 07:26 - 2014-06-07 19:51 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-07 19:51 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 19:51 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:50

==================== End Of Log ============================
--- --- ---

--- --- ---

zorin74 10.06.2014 07:15
und hier die Addition.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by user (administrator) on SPF-11-20040 on 10-06-2014 08:08:08
Running from C:\FRST\FRST-OlderVersion
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [382816 2009-11-28] (Acronis)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-29] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DsMgr] => C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe [93240 2011-03-11] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1550280 2009-11-28] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe [959192 2009-11-28] (Acronis)
HKLM-x32\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [843016 2009-11-28] (Acronis)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-04-23] (Vodafone)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1526961270-1597272826-2573395482-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {6b73e069-6382-11e1-8ac7-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a6fbee3a-84a3-11e2-8060-028037ec0200} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1526961270-1597272826-2573395482-1003\...\MountPoints2: {a9e93f89-0b9d-11e1-b946-402cf41d5fe7} - H:\Password.exe
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{236D54DF-DBFD-4378-B4D1-E1F3A8E85253}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=11 - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]
FF HKCU\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\user\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-08]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Autodesk Design Review Browser Add-on v1.2) - C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.2.969.23408\npCIDetect11.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekmimebcpbncnklfjadbpnjiaffabee [2013-10-08]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08]
CHR HKCU\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\user\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-05-08]
CHR HKLM-x32\...\Chrome\Extension: [hekmimebcpbncnklfjadbpnjiaffabee] - C:\Users\user\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1877848 2009-11-28] (Acronis)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-06] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-11-22] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [4290896 2009-11-28] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-12-29] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-04-23] (Vodafone) [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4819968 2011-09-27] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [101416 2011-02-28] (Ericsson AB)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-12-22] (JMicron Technology Corp.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
R3 vdfusbwwan; C:\Windows\System32\DRIVERS\vdfusbwwan.sys [768512 2012-04-23] (ZTE Corporation)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-04] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 08:02 - 2014-06-10 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 08:02 - 2014-06-10 08:01 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-10 08:02 - 2014-06-10 08:01 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-10 08:01 - 2014-06-10 08:01 - 00000000 ____D () C:\Program Files\Java
2014-06-10 08:00 - 2014-06-10 08:01 - 30984104 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u60-windows-x64.com
2014-06-10 07:59 - 2014-06-10 07:59 - 00000000 ____D () C:\windows\system32\appmgmt
2014-06-09 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-08 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-08 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-08 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-08 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-07 19:52 - 2014-06-10 07:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-07 19:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-07 19:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:24 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-06-07 04:24 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-06-07 04:24 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-06-07 04:10 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 04:00 - 2014-06-07 04:10 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 03:24 - 2014-06-07 03:26 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-06-06 22:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-06-06 22:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-06 22:52 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-06 22:52 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-06 22:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-06 22:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-06 22:52 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-06 22:52 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-06 22:52 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2014-06-06 22:52 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-06-06 22:52 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-06 22:52 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-06-06 22:52 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-06 22:52 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-06-06 22:52 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-06-06 22:51 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-06 22:51 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-06 22:51 - 2014-01-01 01:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-06-06 22:51 - 2014-01-01 01:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-06-06 22:51 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-06 22:51 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-06 22:51 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-06-06 22:51 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-06-06 22:50 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-06-06 22:50 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-06 22:50 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-06 22:50 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-06-06 22:50 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-06-06 22:50 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-06 22:50 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-06 22:50 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-06 22:50 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-06 22:50 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-06 22:50 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-06-06 22:50 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-06 22:49 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-06 22:49 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-06 22:49 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-06-06 22:49 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-06-06 22:49 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-06 22:49 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-06-06 22:49 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-06 22:49 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-06-06 22:49 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-06 22:49 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2014-06-06 22:49 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-06 22:49 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-06-06 22:49 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-06 22:49 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2014-06-06 22:49 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-06 22:49 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2014-06-06 22:49 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-06 22:49 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-06-06 22:49 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-06-06 22:49 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-06 22:49 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-06-06 22:49 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-06-06 22:49 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-06-06 22:49 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-06 22:49 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-06 22:49 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-06 22:49 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-06 22:48 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-06-06 22:48 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-06-06 22:48 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-06-06 22:48 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-06-06 22:48 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-06-06 22:48 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-06-06 22:48 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-06-06 22:48 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-06-06 22:48 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-06-06 22:48 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-06-06 22:48 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-06-06 22:48 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-06 22:48 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-06-06 22:48 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2014-06-06 22:48 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2014-06-06 22:48 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2014-06-06 22:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-06 22:48 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-06 22:48 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-06 22:48 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2014-06-06 22:48 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-06 22:48 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-06 22:48 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-06 22:48 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-06-06 22:48 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-06 22:48 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-06 22:48 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2014-06-06 22:48 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-06 22:48 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-06 22:48 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-06 22:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-06-06 22:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-06-06 22:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-06-06 22:47 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-06 22:47 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-06 22:47 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-06-06 22:47 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-06 22:47 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-06 22:47 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-06 22:47 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-06-06 22:47 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-06 22:47 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-06-06 22:47 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-06 22:47 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-06-06 22:47 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-06-06 22:47 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-06 22:47 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-06-06 22:46 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-06-06 22:46 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-06 22:46 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-06-06 22:46 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-06-06 22:46 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-06-06 22:46 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-06-06 22:46 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-06 22:46 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-06 22:46 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-06 22:46 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-06 22:46 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-06 22:46 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-06 22:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-06 22:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-06 22:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-06 22:46 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2014-06-06 22:46 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-06 22:46 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2014-06-06 22:46 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-06 22:46 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-06 22:46 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-06 22:46 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2014-06-06 22:46 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-06 22:21 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-06 22:21 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2014-06-06 22:21 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-06 22:21 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2014-06-06 22:21 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-06 22:21 - 2013-08-01 11:19 - 00984512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-06 22:21 - 2013-08-01 11:19 - 00265152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-06-06 22:20 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-06 22:20 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-06 22:20 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-06 22:20 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-06 22:20 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-06 22:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2014-06-06 22:20 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-06 22:20 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 22:14 - 00000000 ____D () C:\ComboFix
2014-06-06 21:19 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-06 21:19 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-06 21:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-06 21:19 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-06 21:09 - 2014-06-06 21:19 - 00000000 ____D () C:\Qoobox
2014-06-06 21:08 - 2014-06-06 21:42 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:07 - 2014-06-06 20:59 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:56 - 2014-06-06 20:59 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:38 - 2014-06-06 20:39 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:34 - 2014-06-06 15:35 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:31 - 2014-06-06 15:32 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:20 - 2014-06-10 08:08 - 00000000 ____D () C:\FRST
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-04 15:47 - 2014-06-04 15:54 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-20 11:24 - 2014-06-06 12:23 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-13 09:18 - 2014-05-13 09:24 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx

==================== One Month Modified Files and Folders =======

2014-06-10 08:09 - 2011-11-10 15:14 - 00000000 ____D () C:\Users\user\AppData\Local\Temp
2014-06-10 08:08 - 2014-06-06 15:20 - 00000000 ____D () C:\FRST
2014-06-10 08:02 - 2014-06-10 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 08:01 - 2014-06-10 08:02 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-06-10 08:01 - 2014-06-10 08:02 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-06-10 08:01 - 2014-06-10 08:01 - 00000000 ____D () C:\Program Files\Java
2014-06-10 08:01 - 2014-06-10 08:00 - 30984104 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-7u60-windows-x64.com
2014-06-10 07:59 - 2014-06-10 07:59 - 00000000 ____D () C:\windows\system32\appmgmt
2014-06-10 07:55 - 2011-09-27 14:32 - 01561328 _____ () C:\windows\WindowsUpdate.log
2014-06-10 07:54 - 2014-06-07 19:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 07:52 - 2013-10-08 13:09 - 00000000 ____D () C:\Users\user\AppData\Local\CRE
2014-06-10 07:52 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 07:43 - 2011-11-23 12:14 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 07:41 - 2012-08-07 08:36 - 00000000 ____D () C:\Users\user\Documents\Outlook-Dateien
2014-06-10 07:35 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:35 - 2009-07-14 06:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:32 - 2013-05-08 08:19 - 00004140 _____ () C:\windows\System32\Tasks\Google Software Updater
2014-06-10 07:32 - 2013-05-08 08:19 - 00001034 _____ () C:\windows\Tasks\Google Software Updater.job
2014-06-10 07:32 - 2011-03-08 19:03 - 00705108 _____ () C:\windows\system32\perfh007.dat
2014-06-10 07:32 - 2011-03-08 19:03 - 00151476 _____ () C:\windows\system32\perfc007.dat
2014-06-10 07:32 - 2009-07-14 07:13 - 01629372 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-10 07:30 - 2011-11-23 12:13 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-10 07:25 - 2012-04-02 09:19 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 07:25 - 2011-11-23 12:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 07:25 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-10 07:25 - 2009-07-14 06:51 - 00171861 _____ () C:\windows\setupact.log
2014-06-09 10:02 - 2011-09-27 15:05 - 00437270 _____ () C:\windows\PFRO.log
2014-06-09 10:01 - 2013-11-18 14:42 - 00807424 _____ () C:\Users\user\Desktop\Monatsausgaben 2013-2014.xls
2014-06-09 03:57 - 2011-11-10 22:10 - 00000000 ____D () C:\windows\rescache
2014-06-08 17:21 - 2014-06-08 17:21 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_deu.exe
2014-06-08 03:23 - 2014-03-16 10:54 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForuser.job
2014-06-08 03:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-08 03:03 - 2011-03-08 18:27 - 01607396 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-06-07 19:51 - 2014-06-07 19:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-07 19:51 - 2014-06-07 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-07 19:49 - 2014-06-07 19:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2014-06-07 19:44 - 2014-06-07 19:44 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\Virtual Machines
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 19:39 - 2011-11-10 15:35 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-07 19:39 - 2009-07-14 07:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-07 19:39 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-07 19:38 - 2011-11-17 13:23 - 00001425 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-07 19:35 - 2009-07-14 06:45 - 00482936 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-07 19:34 - 2012-05-18 23:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-07 04:30 - 2014-06-07 04:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-07 04:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-07 04:30 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-07 04:29 - 2009-07-27 16:36 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-07 04:25 - 2011-11-21 14:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-07 04:10 - 2014-06-07 04:00 - 00012562 _____ () C:\windows\IE11_main.log
2014-06-07 04:04 - 2014-06-07 04:04 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-07 04:04 - 2014-06-07 04:04 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-06-07 04:04 - 2014-06-07 04:04 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-06-07 04:04 - 2014-06-07 04:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-06-07 04:04 - 2014-06-07 04:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-06-07 04:04 - 2014-06-07 04:04 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-06-07 04:04 - 2014-06-07 04:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-07 03:56 - 2012-08-07 13:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 03:56 - 2012-08-07 13:21 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 03:48 - 2013-10-08 13:18 - 00002057 _____ () C:\windows\epplauncher.mif
2014-06-07 03:47 - 2009-07-14 04:34 - 00000646 _____ () C:\windows\win.ini
2014-06-07 03:32 - 2013-10-08 13:18 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-07 03:31 - 2013-10-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-07 03:26 - 2014-06-07 03:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-07 03:06 - 2012-05-18 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-07 03:01 - 2014-06-07 03:01 - 00264636 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-06 22:14 - 2014-06-06 21:19 - 00000000 ____D () C:\ComboFix
2014-06-06 21:58 - 2011-11-10 15:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\hpqLog
2014-06-06 21:57 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-06-06 21:42 - 2014-06-06 21:08 - 00000000 ____D () C:\windows\erdnt
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 21:40 - 2014-06-06 21:40 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\temp
2014-06-06 21:19 - 2014-06-06 21:09 - 00000000 ____D () C:\Qoobox
2014-06-06 20:59 - 2014-06-06 21:07 - 05205146 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-06-06 20:59 - 2014-06-06 20:56 - 05205146 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-06-06 20:39 - 2014-06-06 20:38 - 02072576 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-06-06 15:50 - 2014-06-06 15:50 - 00012806 _____ () C:\Users\user\Desktop\gmer.log
2014-06-06 15:40 - 2014-06-06 15:40 - 00054927 _____ () C:\Users\user\Desktop\Addition.txt
2014-06-06 15:39 - 2014-06-06 15:39 - 00043208 _____ () C:\Users\user\Desktop\FRST.txt
2014-06-06 15:35 - 2014-06-06 15:34 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357 (1).exe
2014-06-06 15:33 - 2014-06-06 15:33 - 00380416 _____ () C:\Users\user\Downloads\Gmer-19357.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00050477 _____ () C:\Users\user\Downloads\Defogger.exe
2014-06-06 15:32 - 2014-06-06 15:32 - 00000242 _____ () C:\Users\user\Desktop\defogger_enable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-06-06 15:32 - 2014-06-06 15:31 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-06-06 15:09 - 2012-08-07 10:35 - 00000000 ____D () C:\Users\user\Documents\Privat
2014-06-06 12:49 - 2014-06-06 12:49 - 00275208 _____ () C:\windows\Minidump\060614-21730-01.dmp
2014-06-06 12:49 - 2012-09-11 22:26 - 681168329 _____ () C:\windows\MEMORY.DMP
2014-06-06 12:49 - 2012-09-11 22:26 - 00000000 ____D () C:\windows\Minidump
2014-06-06 12:36 - 2012-04-06 11:51 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-06 12:34 - 2013-08-06 10:49 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-06-06 12:34 - 2013-08-06 10:49 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-06-06 12:29 - 2013-05-08 08:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-06 12:23 - 2014-05-20 11:24 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-06 12:23 - 2013-05-08 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-06 12:23 - 2013-03-14 15:06 - 00000000 ____D () C:\Users\Public\Documents\Profi cash
2014-06-06 12:23 - 2011-11-23 14:59 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-06 12:23 - 2011-11-22 16:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\IrfanView
2014-06-06 12:23 - 2011-11-10 15:17 - 00000000 ____D () C:\Users\user\AppData\Local\Hewlett-Packard
2014-06-06 12:23 - 2011-03-08 18:55 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-06-06 12:23 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-06 12:23 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-06-06 12:22 - 2012-08-07 14:36 - 00000000 ____D () C:\Users\user\Documents\Projekte
2014-06-06 12:18 - 2012-03-05 11:01 - 00000000 ___RD () C:\MSOCache
2014-06-06 11:29 - 2013-03-27 15:45 - 00000000 ____D () C:\Users\user\Desktop\Dateien
2014-06-05 11:22 - 2012-12-06 08:57 - 00000000 ____D () C:\Users\user\Documents\WISO Haushaltsbuch
2014-06-04 18:20 - 2008-03-10 11:26 - 00002124 ____H () C:\Users\user\Documents\Default.rdp
2014-06-04 15:54 - 2014-06-04 15:47 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-06-02 15:22 - 2013-11-10 20:57 - 00000000 ____D () C:\Users\user\Desktop\Vermögensübersichten
2014-06-02 10:43 - 2013-03-25 09:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\GLS Vereinsmeister
2014-06-02 10:43 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-06-01 22:29 - 2010-03-25 16:36 - 00157696 _____ () C:\Users\user\Desktop\Neu Microsoft Excel-Arbeitsblatt.xls
2014-05-21 09:48 - 2014-05-21 09:48 - 00000000 ____D () C:\Users\user\Documents\Need for Speed World
2014-05-20 12:06 - 2014-05-20 12:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Need for Speed World
2014-05-20 11:24 - 2014-05-20 11:24 - 00000000 ____D () C:\Users\user\AppData\Local\Electronic_Arts_Inc
2014-05-16 07:34 - 2009-07-14 07:08 - 00032632 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-14 15:22 - 2012-04-02 09:19 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:22 - 2012-04-02 09:19 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 15:22 - 2011-11-23 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 09:24 - 2014-05-13 09:18 - 00009081 _____ () C:\Users\user\Desktop\Kennwort Outlook.xlsx
2014-05-12 16:35 - 2013-03-14 15:06 - 00000000 ____D () C:\Program Files (x86)\Profi cash
2014-05-12 12:38 - 2011-11-23 12:14 - 00004102 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 12:38 - 2011-11-23 12:14 - 00003850 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 07:26 - 2014-06-07 19:51 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-07 19:51 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-07 19:51 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:50

==================== End Of Log ============================
--- --- ---

deeprybka 10.06.2014 17:37
Hi, die Addition.txt fehlt mir noch... ;)
Bei all den Logs kann man schon mal durcheinanderkommen. Kannst auch nochmal neu scannen und Haken vorher bei Addition.txt setzen... :)

zorin74 11.06.2014 09:05
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2014
Ran by user at 2014-06-10 08:09:40
Running from C:\FRST\FRST-OlderVersion
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acronis Backup & Recovery 10 Tray Monitor (HKLM-x32\...\{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10 Upgrade Tool (HKLM-x32\...\{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10* Agent (HKLM-x32\...\{90859A61-C317-48B9-8E31-4B742611FD19}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10*Bootfähige Komponenten und Media Builder (HKLM-x32\...\{FE361859-B039-4E17-96AC-D111183DCF99}) (Version: 10.0.11345 - Acronis)
Acronis Backup & Recovery 10*Standalone*Management*Console (HKLM-x32\...\{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}) (Version: 10.0.11345 - Acronis)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.4 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.4 - Adobe Systems) Hidden
Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_954) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.98 - Autodesk, Inc.)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM-x32\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Avira Antivirus Premium (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.61 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{8985824A-20E6-499F-97E1-6D20D9ECD869}) (Version: 0.9.24 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.98.29476 - Hewlett-Packard Company)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Farm Frenzy 3 American Pie (HKLM-x32\...\Farm Frenzy 3 American Pie) (Version:  - )
Farm Frenzy 3 Russisches Roulette (HKLM-x32\...\Farm Frenzy 3 Russisches Roulette) (Version:  - )
Farm Frenzy 4 (HKLM-x32\...\Farm Frenzy 4) (Version:  - )
FarmFrenzy Pizza Party (HKLM-x32\...\FarmFrenzy Pizza Party) (Version:  - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
GLS Vereinsmeister 6.1 (HKLM-x32\...\{2C75A885-9B73-4BC4-BB4E-974CDBB37F3C}_is1) (Version: 6.1 - GLS Software & Systeme)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.29 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.2.969.23408 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
honestech Audio Recorder 2.0 Deluxe (HKLM-x32\...\{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}) (Version: 2.0 - honestech)
honestech Audio Recorder 2.0 Deluxe (x32 Version: 2.0 - Honest Technology) Hidden
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Automation Agent Preload  (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{801EAD7A-7202-4BE4-84A1-299202AD17C0}) (Version: 2.0.7.1 - Hewlett-Packard Company)
HP GPS and Location (HKLM-x32\...\{225C4860-9D03-49F5-B983-943EB938E0B0}) (Version: 1.0.26.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.06.1004 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.06.1004 - Hewlett-Packard Company) Hidden
HP QuickWeb (HKLM-x32\...\{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}) (Version: 3.0.3.9925 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Juniper Citrix Services Client (HKCU\...\Juniper_Citrix_Services) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Installer Service (HKLM-x32\...\SetupService) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Cache Cleaner 6.5.0 (HKCU\...\Juniper_Networks_Cache_Cleaner 6.5.0) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.2.0.22071 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.15991 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.22071 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.2.5.26817 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Lotus Notes 8.0.2 de (HKLM-x32\...\{A653AE3D-2B82-46F2-BB14-6AA4EB5EB56C}) (Version: 8.02.8255 - IBM)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (HKLM\...\{E20B2752-0909-4B28-B8A9-A9BE519CA1A1}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NCH DE Toolbar (HKLM-x32\...\NCH_DE Toolbar) (Version: 6.10.2.5 - NCH DE)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
ORCA AVA (HKLM-x32\...\{8AF681AD-7AB3-4F87-B056-62F056638118}) (Version: 18.00.0010 - ORCA Software GmbH)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{5476AB75-E584-4497-80AF-7F205D8F6F54}) (Version: 6.01.842 - Hewlett-Packard Company)
Profi cash (HKLM-x32\...\Profi cash) (Version:  - )
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.74.13 - Roxio)
Roxio MyDVD Business 2010 (x32 Version: 1.0.410 - Roxio) Hidden
Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.73.2 - Roxio)
Roxio Secure Burn (x32 Version: 1.8 - Roxio) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
SeeSimilar (HKLM-x32\...\SeeSimilar) (Version: 1.0.0.6 - SeeSimilar.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{BFA2D2A7-4FAC-4862-B7A3-960B329C2177}) (Version: 4.3.216.0 - Validity Sensors, Inc.)
ViewCompanion Standard 6.01 (HKLM-x32\...\ViewCompanion Standard_is1) (Version: 6.01.0.0 - Software Companions)
VIP Access SDK (1.0.1.5)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.5 - Symantec Inc.)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.204.39000 - Vodafone)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WISO Haushaltsbuch 2013 (HKLM-x32\...\WISO Haushaltsbuch 2013) (Version:  - Buhl Data Service GmbH)
WISO Haushaltsbuch 2013 (x32 Version: 15.0.0.1 - Buhl Data Service GmbH) Hidden
WISO Mein Geld 2010 Professional (HKLM-x32\...\WISO Mein Geld 2010 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2010 Professional (x32 Version: 11.00.00.0025 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)

==================== Restore Points  =========================

07-06-2014 01:00:50 Windows Update
08-06-2014 01:00:16 Windows Update
09-06-2014 01:00:16 Windows Update
10-06-2014 05:58:30 Removed Java(TM) 6 Update 31
10-06-2014 06:01:46 Installed Java 7 Update 60 (64-bit)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-06 21:56 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {14831B42-E48C-449A-90BD-1057FD4F063A} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {15F35C20-E7B6-454C-B323-DF3C9BBDCECF} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {27272250-B58F-4F32-A794-87EF17C9DE40} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {4CC58D82-EBA1-4466-86C4-8816231CE357} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23] (Google Inc.)
Task: {4E1A0603-8305-4365-AE88-3384F11281BF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5F09F09D-97DC-470C-B854-AD0C38DA93E6} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-05-08] (Google)
Task: {6B1C7CBC-9B47-4076-B7E4-81350EA7DF65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7BA78D53-CAF0-4A99-BDE5-D15A48C0D105} - System32\Tasks\NCH Software\SwitchReminder => C:\Program Files (x86)\NCH Software\Switch\Switch.exe
Task: {7C066AA3-9170-473F-BE3A-B8BB92CBB1A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23] (Google Inc.)
Task: {7E98C35A-96FA-4F56-8E58-A62E644760E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8360D29A-7FEA-4CBB-947A-81F8BB8E8EF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {C31496B2-DDF1-44AF-A918-EE85016D2FFC} - System32\Tasks\fvw434495 => C:\windows\fvwuac434495.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-08 12:52 - 2012-02-08 12:52 - 01956864 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2010-11-04 11:53 - 2007-02-09 11:41 - 00014848 _____ () C:\windows\System32\KOAZXJ_L.dll
2011-04-08 04:18 - 2011-04-08 04:18 - 00027648 _____ () C:\windows\System32\sdf2ml6.dll
2011-07-18 16:48 - 2011-07-18 16:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-02-08 13:00 - 2012-02-08 13:00 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-02-08 12:08 - 2012-02-08 12:08 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2012-02-08 12:10 - 2012-02-08 12:10 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2011-02-16 10:58 - 2011-02-16 10:58 - 00818160 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2012-02-08 12:44 - 2012-02-08 12:44 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-02-12 01:26 - 2011-02-12 01:26 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-02-12 01:26 - 2011-02-12 01:26 - 00024576 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-02-06 22:34 - 2011-02-06 22:34 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-08 19:01 - 2011-06-11 12:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-08 12:40 - 2012-02-08 12:40 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-02-08 12:08 - 2012-02-08 12:08 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-02-08 12:43 - 2012-02-08 12:43 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-02-08 12:41 - 2012-02-08 12:41 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-02-08 12:12 - 2012-02-08 12:12 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-02-08 12:13 - 2012-02-08 12:13 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-02-08 12:39 - 2012-02-08 12:39 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-09-27 14:41 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2009-11-28 01:33 - 2009-11-28 01:33 - 00202896 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2009-11-28 01:33 - 2009-11-28 01:33 - 00282768 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2009-11-28 01:42 - 2009-11-28 01:42 - 00423544 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2012-04-23 17:49 - 2012-04-23 17:49 - 00396800 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-08-29 13:42 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-07 20:37 - 2014-06-07 20:37 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-09-27 14:36 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk => C:\windows\pss\Google Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^honestech Audio Recorder 2.0 Deluxe Launcher.lnk => C:\windows\pss\honestech Audio Recorder 2.0 Deluxe Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zahlungserinnerung.lnk => C:\windows\pss\Zahlungserinnerung.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IFXSPMGT => "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 07:43:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 09:51:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2014 09:50:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2014 09:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 08:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 07:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 06:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 05:43:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 04:43:26 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi

Error: (06/09/2014 03:43:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi


System errors:
=============
Error: (06/10/2014 07:30:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" wurde mit folgendem Fehler beendet:
%%193

Error: (06/10/2014 07:28:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}

Error: (06/10/2014 07:28:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" wurde mit folgendem Fehler beendet:
%%193

Error: (06/10/2014 07:27:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (06/10/2014 07:27:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (06/10/2014 07:27:47 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet.

Error: (06/10/2014 07:27:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/10/2014 07:23:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/09/2014 10:08:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" wurde mit folgendem Fehler beendet:
%%193

Error: (06/09/2014 10:08:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}


Microsoft Office Sessions:
=========================
Error: (06/10/2014 07:43:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 09:51:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/09/2014 09:50:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Downloads\esetsmartinstaller_deu.exe

Error: (06/09/2014 09:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 08:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 07:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 06:43:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 05:43:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 04:43:26 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 03:43:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\4_Update_9-4-2.msi(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-06-10 07:58:22.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:57:59.808
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:52:47.957
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:52:44.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:50:53.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:50:47.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:50:40.105
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:50:28.806
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:50:25.510
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-10 07:49:53.292
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\AESTAR64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 4070.36 MB
Available physical RAM: 1681.36 MB
Total Pagefile: 8138.9 MB
Available Pagefile: 4674.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.61 GB) (Free:314.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.86 GB) (Free:2.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.12 GB) FAT32
Drive f: (SSU) (CDROM) (Total:0.69 GB) (Free:0.33 GB) UDF
Drive g: (10.3.204.39000_ZTE) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2DFC636B)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================

deeprybka 11.06.2014 11:25
Gute Arbeit!
Aber bitte nicht zwei Antivirusprogramme installiert lassen. Das erzeugt antagonistische Effekte.

Code:
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
Aufräumen:
Defogger: Falls benutzt worden, Defogger nochmal starten und auf re-enable klicken.
Anschließend:

Schritt 1
http://deeprybka.trojaner-board.de/b...s/combofix.png Combofix-Deinstallation.
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

http://deeprybka.trojaner-board.de/b...ean/fragen.png Gibts jetzt noch Probleme mit Deinem Rechner? Oder hast Du noch Fragen?

NEIN?

Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus. :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem http://deeprybka.trojaner-board.de/b...an/windows.pngWindows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die http://deeprybka.trojaner-board.de/b...an/updates.PNGautomatischen Updates aktiviert sind.

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für die Browser http://deeprybka.trojaner-board.de/b...n/browsers.png, Java http://deeprybka.trojaner-board.de/b...clean/java.png, Flash-Player http://filepony.de/icon/flashplayer_firefox.png und PDF-Reader http://filepony.de/icon/adobe_reader.png, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine infizierte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox http://deeprybka.trojaner-board.de/b...an/firefox.png einsetzen, für welchen es zwei nützliche Addons als Empfehlung gibt:
  • http://filepony.de/icon/noscript.png NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • http://filepony.de/icon/adblock_firefox.pngAdblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.
  • Optional: Auch http://deeprybka.trojaner-board.de/b...virustotal.png virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista/7/8 ).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131