Log analysis and evaluation: Windows 7: countless automatic links to advertising pages appear on websites

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello,

first of all I would like to let you know that I am self-employed (a "one-man office"), but I hope for your help nonetheless. I only bought the PC in February and since yesterday I have been having serious problems with my internet.

About my problem: Small advertising windows open, and when you try to close them, a new tab opens in which the tab title initially reads "redirect". Sometimes a message appears saying that there are errors on the computer and that the video player is not up to date. When you close the message, you are forcibly redirected to software sites offering protection software for the computer.

I work with Firefox. I updated CCleaner today and also ran it. I uninstalled Firefox and the VLC media player, downloaded them again from the internet and reinstalled them.

Now, on almost all web pages, normal text shows up with links (words highlighted in green and double-underlined), and pop-up advertising windows open when the mouse pointer hovers over them. You get redirected to advertising pages (some of them pages offering software to repair the PC).

Following your instructions, I have already carried out steps 1-3 and hope that you can help me.

Best regards,
Williams

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:57 on 20/03/2014 (Wilhelms)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Wilhelms (administrator) on WILHELMS-THINK on 20-03-2014 15:14:23
Running from C:\Users\Wilhelms\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
() C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
(Ulead Systems, Inc.)
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe () C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe () C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Jumping Bytes) C:\Program Files (x86)\PureSync\PureSyncTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-11] (Realtek Semiconductor) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-15] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [Power Manager Startup Utility] - C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [ScanSoft OmniPage SE 16-reminder] - C:\Program Files (x86)\ScanSoft\OmniPage16\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-20] (Google Inc.) 
HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [PureSync] - C:\Program Files (x86)\PureSync\PureSyncTray.exe [906928 2013-12-20] (Jumping Bytes) HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-921028674-1557540371-993933637-1000\...\MountPoints2: {4963afac-c126-11e2-b484-806e6f6e6963} - Q:\LenovoQDrive.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE574 BHO: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll (Phoenix Media) BHO: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho64.dll (hdideo) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Partner BHO Class - 
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Weather It Up - {11111111-1111-1111-1111-110411911136} - C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll (Phoenix Media) BHO-x32: addplushd - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\addplushd\addplushd-bho.dll (hdideo) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: ResultsAlpha - {cbab673a-a480-4050-bd2b-5de24a7a0282} - C:\Program Files (x86)\ResultsAlpha\ResultsAlphabho.dll (ResultsAlpha) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default FF user.js: detected! 
=> C:\Users\Wilhelms\AppData\Roaming\Mozilla\Firefox\Profiles\38bnys50.default\user.js FF Homepage: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1<mpl=googlemail&emr=1 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ [] ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 bupService; C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-19] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo) R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2013-03-19] (Firebird Project) R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2785280 2013-03-19] (Firebird Project) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () R2 MsMpSvc; c:\Program Files\Microsoft Security 
Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo) S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 Update ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe [348960 2014-03-19] () R2 Util ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe [348960 2014-03-19] () R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== S3 cxbu1x64; C:\Windows\System32\DRIVERS\cxbu1x64.sys [177152 2012-02-02] ( ) R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-20 15:14 - 2014-03-20 15:14 - 00017724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt 2014-03-20 15:14 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST 2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe 2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log 2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable 2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe 2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc 2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN 2014-03-20 13:24 - 2014-03-20 13:26 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe 2014-03-20 13:16 - 2014-03-20 14:43 - 00003106 _____ () C:\Windows\Tasks\Weather It Up-chromeinstaller.job 2014-03-20 13:16 - 2014-03-20 14:43 - 00002440 _____ () C:\Windows\Tasks\Weather It Up-firefoxinstaller.job 2014-03-20 13:16 - 2014-03-20 14:43 - 00001524 _____ () C:\Windows\Tasks\Weather It Up-updater.job 2014-03-20 13:16 - 2014-03-20 14:43 - 00001478 _____ () C:\Windows\Tasks\Weather It Up-codedownloader.job 2014-03-20 13:16 - 2014-03-20 14:43 - 00001358 _____ () C:\Windows\Tasks\Weather It Up-enabler.job 2014-03-20 13:16 - 2014-03-20 13:16 - 00004554 _____ () C:\Windows\System32\Tasks\Weather It Up-updater 2014-03-20 13:16 - 2014-03-20 13:16 - 00004508 _____ () C:\Windows\System32\Tasks\Weather It Up-codedownloader 2014-03-20 13:16 - 2014-03-20 13:16 - 00004388 _____ () C:\Windows\System32\Tasks\Weather It Up-enabler 2014-03-20 13:16 - 2014-03-20 13:16 - 00000000 ____D () C:\Program Files (x86)\Weather It Up 2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real 2014-03-20 12:22 - 2014-03-20 
12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-20 11:36 - 2014-03-20 14:43 - 00000168 _____ () C:\Windows\setupact.log 2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile 2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk 2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF 2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN 2014-03-19 12:12 - 2014-03-20 07:50 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\systweak 2014-03-19 12:12 - 2014-02-26 18:45 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-19 08:51 - 2014-03-19 08:52 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe 2014-03-19 08:42 - 2014-03-20 14:43 - 00003090 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job 2014-03-19 08:42 - 2014-03-20 14:43 - 00002308 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job 2014-03-19 08:42 - 2014-03-20 14:43 - 00001502 _____ () C:\Windows\Tasks\addplushd-updater.job 2014-03-19 08:42 - 2014-03-20 14:43 - 00001456 _____ () C:\Windows\Tasks\addplushd-codedownloader.job 2014-03-19 08:42 - 2014-03-20 14:43 - 00001356 _____ () C:\Windows\Tasks\addplushd-enabler.job 2014-03-19 08:42 - 2014-03-19 15:33 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-03-19 08:42 - 2014-03-19 08:42 - 00004532 _____ () C:\Windows\System32\Tasks\addplushd-updater 2014-03-19 08:42 - 2014-03-19 08:42 - 00004486 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader 2014-03-19 
08:42 - 2014-03-19 08:42 - 00004386 _____ () C:\Windows\System32\Tasks\addplushd-enabler 2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2 2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem 2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\addplushd 2014-03-19 08:39 - 2014-03-19 08:50 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\DownloadGuide 2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen 2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-12 10:27 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 10:27 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 10:27 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 10:27 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 10:27 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 10:27 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 10:27 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 10:27 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 10:27 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 10:27 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 10:27 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 10:27 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll 2014-03-12 10:27 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 10:27 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 10:27 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 10:27 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 10:27 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 10:27 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 10:27 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 10:27 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 10:27 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 10:27 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 10:27 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 10:27 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 10:27 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 10:27 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 10:27 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 10:27 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 10:27 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 10:27 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2014-03-12 10:27 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 10:27 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 10:27 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 10:27 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 10:27 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 10:27 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 10:27 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 10:27 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 10:27 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 10:27 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 10:27 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 10:27 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 10:27 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 10:27 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 10:24 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 10:24 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 10:24 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-12 10:24 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 
2014-03-05 10:25 - 2014-03-05 10:32 - 00000557 _____ () C:\Windows\wiso.ini 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service 2014-03-05 10:24 - 2014-03-05 10:29 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl 2014-03-04 13:28 - 2014-03-04 14:25 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET 2014-03-04 13:15 - 2014-03-04 13:16 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe 2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24 2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-03-03 07:53 - 2014-03-03 07:55 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe 2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe 2014-02-28 11:13 - 2013-06-27 15:02 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKW3C03Z117 2014-02-28 10:45 - 2014-02-28 10:47 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe 2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax 2014-02-28 09:37 - 
2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe 2014-02-25 09:35 - 2014-02-28 10:59 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170 2014-02-25 09:34 - 2014-02-25 09:35 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe 2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7} 2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-02-22 20:48 - 2014-02-28 18:09 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat 2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata 2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata 2014-02-22 19:52 - 2014-02-22 19:58 - 00000000 ____D () C:\ProgramData\InstallShield 2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI 2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft 2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata 2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Style 2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\webkit 2014-02-19 11:12 - 2014-02-19 11:12 - 00000893 _____ () 
C:\Users\Public\Desktop\GIMP 2.lnk 2014-02-19 10:34 - 2014-02-19 10:34 - 00003304 _____ () C:\Users\Wilhelms\AppData\Local\recently-used.xbel 2014-02-19 10:07 - 2014-02-19 10:34 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gtk-2.0 2014-02-19 10:07 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\.thumbnails 2014-02-19 10:06 - 2014-02-19 11:21 - 00000000 ____D () C:\Users\Wilhelms\.gimp-2.8 2014-02-19 10:06 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gegl-0.2 2014-02-19 10:04 - 2014-02-19 10:04 - 00000000 ____D () C:\Program Files\GIMP 2 2014-02-19 09:32 - 2014-02-19 09:38 - 90396104 _____ (The GIMP Team ) C:\Users\Wilhelms\Downloads\gimp-2.8.10-setup.exe 2014-02-19 08:41 - 2014-02-19 08:41 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-19 08:41 - 2014-02-19 08:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-18 19:18 - 2014-02-18 19:23 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Windows Live Writer 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Windows Live Writer 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{6FF997C2-2B85-4A05-9162-404303D1463F} 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{2B3194B4-E0FE-430F-8F1A-692B86C2406B} 2014-02-18 18:52 - 2014-02-18 18:52 - 00001726 _____ () C:\Users\Public\Desktop\Sprengnetter-Bibliothek 25.0.lnk 2014-02-18 18:51 - 2014-02-18 18:51 - 00000000 ____D () C:\WFSoftware 2014-02-18 18:13 - 2014-02-18 18:35 - 330404011 _____ () C:\Users\Wilhelms\Downloads\bibliothek.zip 2014-02-18 16:57 - 2014-02-18 16:57 - 00000000 ____D () C:\ProgramData\Sprengnetter 2014-02-18 15:08 - 2014-02-19 08:41 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ___SD () C:\Users\Public\Desktop\Sprengnetter-Software 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\ProgramData\Sun 2014-02-18 
15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Firebird 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Borland 2014-02-18 15:08 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-18 15:08 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-02-18 15:08 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-02-18 15:08 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-02-18 15:08 - 2013-03-19 11:00 - 00462848 _____ (IBPhoenix) C:\Windows\SysWOW64\Firebird2Control.cpl 2014-02-18 15:08 - 2013-03-19 10:58 - 00450560 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL 2014-02-18 15:08 - 2013-03-19 10:58 - 00450560 _____ (Firebird Project) C:\Windows\SysWOW64\FBCLIENT.DLL 2014-02-18 15:08 - 1999-11-12 05:11 - 00184832 _____ () C:\Windows\SysWOW64\BDEADMIN.CPL 2014-02-18 15:07 - 2014-02-18 18:45 - 00000000 ____D () C:\Program Files (x86)\WFSoftware 2014-02-18 14:46 - 2014-03-04 14:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle 2014-02-18 14:24 - 2014-02-18 14:56 - 441516978 _____ () C:\Users\Wilhelms\Downloads\Setup_2013.zip 2014-02-18 13:41 - 2014-03-07 20:16 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype 2014-02-18 13:41 - 2014-02-18 13:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Skype 2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\ProgramData\Skype 2014-02-18 13:37 - 2014-02-18 13:40 - 35670176 _____ (Skype Technologies S.A.) 
C:\Users\Wilhelms\Downloads\SkypeSetup13Full.exe
2014-02-18 13:36 - 2014-02-18 13:36 - 00008360 _____ () C:\Windows\system32\lvcoinst.log
2014-02-18 13:36 - 2014-02-18 13:36 - 00000000 ____D () C:\Program Files\Common Files\logishrd

==================== One Month Modified Files and Folders =======

2014-03-20 15:14 - 2014-03-20 15:14 - 00017724 _____ () C:\Users\Wilhelms\Downloads\FRST.txt
2014-03-20 15:14 - 2014-03-20 15:14 - 00000000 ____D () C:\FRST
2014-03-20 15:12 - 2014-03-20 15:12 - 02157056 _____ (Farbar) C:\Users\Wilhelms\Downloads\FRST64.exe
2014-03-20 14:57 - 2014-03-20 14:57 - 00000478 _____ () C:\Users\Wilhelms\Downloads\defogger_disable.log
2014-03-20 14:57 - 2014-03-20 14:57 - 00000000 _____ () C:\Users\Wilhelms\defogger_reenable
2014-03-20 14:57 - 2014-02-06 17:06 - 00000000 ____D () C:\Users\Wilhelms
2014-03-20 14:54 - 2014-03-20 14:54 - 00050477 _____ () C:\Users\Wilhelms\Downloads\Defogger.exe
2014-03-20 14:50 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 14:50 - 2009-07-14 05:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 14:47 - 2013-05-20 19:16 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-03-20 14:47 - 2013-05-20 19:16 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-03-20 14:47 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 14:46 - 2013-05-20 09:27 - 01831893 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 14:43 - 2014-03-20 13:16 - 00003106 _____ () C:\Windows\Tasks\Weather It Up-chromeinstaller.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00002440 _____ () C:\Windows\Tasks\Weather It Up-firefoxinstaller.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00001524 _____ () C:\Windows\Tasks\Weather It Up-updater.job
2014-03-20 14:43 - 2014-03-20 13:16 - 00001478 _____ () C:\Windows\Tasks\Weather It
Up-codedownloader.job 2014-03-20 14:43 - 2014-03-20 13:16 - 00001358 _____ () C:\Windows\Tasks\Weather It Up-enabler.job 2014-03-20 14:43 - 2014-03-20 11:36 - 00000168 _____ () C:\Windows\setupact.log 2014-03-20 14:43 - 2014-03-19 08:42 - 00003090 _____ () C:\Windows\Tasks\addplushd-chromeinstaller.job 2014-03-20 14:43 - 2014-03-19 08:42 - 00002308 _____ () C:\Windows\Tasks\addplushd-firefoxinstaller.job 2014-03-20 14:43 - 2014-03-19 08:42 - 00001502 _____ () C:\Windows\Tasks\addplushd-updater.job 2014-03-20 14:43 - 2014-03-19 08:42 - 00001456 _____ () C:\Windows\Tasks\addplushd-codedownloader.job 2014-03-20 14:43 - 2014-03-19 08:42 - 00001356 _____ () C:\Windows\Tasks\addplushd-enabler.job 2014-03-20 14:43 - 2013-05-20 09:41 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-20 14:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-20 14:41 - 2013-05-20 09:39 - 629752320 ___SH () C:\Windows\lenovo_fastboot.img 2014-03-20 14:33 - 2013-05-20 09:41 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-20 14:24 - 2014-02-11 11:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\vlc 2014-03-20 13:27 - 2014-03-20 13:27 - 00000000 ____D () C:\Program Files\VideoLAN 2014-03-20 13:26 - 2014-03-20 13:24 - 25055851 _____ () C:\Users\Wilhelms\Downloads\vlc-2.1.4-win64.exe 2014-03-20 13:20 - 2014-02-10 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-20 13:18 - 2014-02-06 17:33 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-03-20 13:16 - 2014-03-20 13:16 - 00004554 _____ () C:\Windows\System32\Tasks\Weather It Up-updater 2014-03-20 13:16 - 2014-03-20 13:16 - 00004508 _____ () C:\Windows\System32\Tasks\Weather It Up-codedownloader 2014-03-20 13:16 - 2014-03-20 13:16 - 00004388 _____ () C:\Windows\System32\Tasks\Weather It Up-enabler 2014-03-20 13:16 - 
2014-03-20 13:16 - 00000000 ____D () C:\Program Files (x86)\Weather It Up 2014-03-20 13:13 - 2014-03-20 13:13 - 00000000 ____D () C:\ProgramData\Real 2014-03-20 12:22 - 2014-03-20 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-20 11:36 - 2014-03-20 11:36 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-20 07:50 - 2014-03-19 12:12 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\systweak 2014-03-20 07:28 - 2014-02-06 17:07 - 00085760 _____ () C:\Users\Wilhelms\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-20 07:27 - 2009-07-14 05:45 - 00355912 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-19 19:53 - 2014-03-19 19:53 - 00000000 ____D () C:\Users\Wilhelms\Documents\AgroView SN Profile 2014-03-19 19:52 - 2014-03-19 19:52 - 00002651 _____ () C:\Users\Public\Desktop\AgroView 2014.lnk 2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\Program Files (x86)\GAF 2014-03-19 19:50 - 2014-03-19 19:50 - 00000000 ____D () C:\AgroView SN 2014-03-19 15:33 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha 2014-03-19 09:10 - 2014-02-06 22:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-19 08:53 - 2014-03-19 08:53 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-03-19 08:53 - 2014-03-19 08:53 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-03-19 08:53 - 2014-03-19 08:53 - 00000000 ____D () C:\Program Files\CCleaner 2014-03-19 08:52 - 2014-03-19 08:51 - 03690256 _____ (Piriform Ltd) C:\Users\Wilhelms\Downloads\ccsetup411_slim.exe 2014-03-19 08:50 - 2014-03-19 08:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\DownloadGuide 2014-03-19 08:42 - 2014-03-19 08:42 - 00004532 _____ () C:\Windows\System32\Tasks\addplushd-updater 2014-03-19 08:42 - 2014-03-19 08:42 - 00004486 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader 2014-03-19 08:42 - 2014-03-19 08:42 - 00004386 _____ () C:\Windows\System32\Tasks\addplushd-enabler 2014-03-19 08:42 - 2014-03-19 08:42 - 
00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Security System 2 2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\BupSystem 2014-03-19 08:42 - 2014-03-19 08:42 - 00000000 ____D () C:\Program Files (x86)\addplushd 2014-03-18 10:08 - 2014-02-06 17:36 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 10:07 - 2014-02-06 17:36 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-17 13:27 - 2014-03-17 13:27 - 00000000 ___SD () C:\Users\Wilhelms\Documents\Meine Datenquellen 2014-03-17 08:29 - 2014-03-17 08:29 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-17 08:29 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\LSC 2014-03-17 08:29 - 2013-05-20 19:08 - 00000000 ____D () C:\ProgramData\Lenovo 2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo 2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-03-17 08:29 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files\Lenovo 2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 07:42 - 2014-02-06 17:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 10:24 - 2014-02-11 11:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 10:24 - 2014-02-11 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 10:24 - 2014-02-11 11:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-07 20:16 - 2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Skype 2014-03-06 14:31 - 2014-02-10 19:52 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Lenovo 2014-03-06 08:18 - 2013-05-20 09:47 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2014-03-06 08:18 - 2013-05-20 09:35 - 00000000 ____D () C:\Program Files (x86)\Lenovo 
2014-03-05 10:32 - 2014-03-05 10:25 - 00000557 _____ () C:\Windows\wiso.ini 2014-03-05 10:29 - 2014-03-05 10:24 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fahrtenbuch 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Buhl Data Service 2014-03-05 10:25 - 2014-03-05 10:25 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Buhl Data Service 2014-03-05 10:24 - 2014-02-11 19:26 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-03-04 14:25 - 2014-03-04 13:28 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-03-04 14:05 - 2014-02-18 14:46 - 00000000 ____D () C:\Users\Wilhelms\Documents\Steuerfälle 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files\SECUNET 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\USB CCID 2014-03-04 13:24 - 2014-03-04 13:24 - 00000000 ____D () C:\Program Files (x86)\SECUNET 2014-03-04 13:24 - 2013-05-20 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-04 13:16 - 2014-03-04 13:15 - 22825680 _____ () C:\Users\Wilhelms\Downloads\GuD_StarSign_USB_Token_fuer_ELSTER_64-1.2.0.exe 2014-03-03 23:42 - 2014-02-13 15:21 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Microsoft Help 2014-03-03 23:10 - 2014-02-11 12:36 - 00000000 ____D () C:\ProgramData\AAV 2014-03-03 07:58 - 2014-03-03 07:58 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\PDF24 2014-03-03 07:56 - 2014-03-03 07:56 - 00001090 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-03-03 07:56 - 2014-03-03 07:56 - 00001070 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk 2014-03-03 07:56 - 2014-03-03 07:56 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-03-03 07:55 - 2014-03-03 07:53 - 16204160 _____ (Geek Software GmbH ) C:\Users\Wilhelms\Downloads\pdf24-creator-6.3.2.exe 2014-03-03 07:51 - 2014-03-03 07:51 - 00000000 ____D () 
C:\Windows\System32\Tasks\Games 2014-03-02 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-01 07:05 - 2014-03-12 10:27 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-12 10:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-12 10:27 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-12 10:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-12 10:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-12 10:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-12 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-12 10:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-12 10:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-12 10:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-12 10:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-12 10:27 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-12 10:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-12 10:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-12 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-12 10:27 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-12 10:27 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-12 10:27 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-12 10:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-12 10:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-12 10:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-12 10:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-12 10:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-12 10:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-12 10:27 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-12 10:27 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-12 10:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-12 10:27 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 10:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 10:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-12 10:27 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-12 10:27 - 11266048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 10:27 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 10:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 10:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 10:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 10:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 18:09 - 2014-02-22 20:48 - 00000031 _____ () C:\Users\Wilhelms\AppData\Roaming\Opusbext.dat 2014-02-28 11:13 - 2014-02-28 11:13 - 02866912 _____ () C:\Users\Wilhelms\Downloads\OKW3C03Z117_tcm3-142581.exe 2014-02-28 10:59 - 2014-02-25 09:35 - 00000000 ____D () C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170 2014-02-28 10:47 - 2014-02-28 10:45 - 21268992 _____ () C:\Users\Wilhelms\Downloads\MC351MC361MC561%20Twain%2032Bit%20Driver_tcm3-121597.exe 2014-02-28 10:05 - 2014-02-28 10:05 - 00000000 ____D () C:\Users\Wilhelms\Documents\Fax 2014-02-28 09:37 - 2014-02-28 09:37 - 00347816 _____ (Microsoft Corporation) C:\Users\Wilhelms\Downloads\MicrosoftFixit.Printing.Run.exe 2014-02-26 18:45 - 2014-03-19 12:12 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-02-25 09:35 - 2014-02-25 09:34 - 10356344 _____ (Oki Data Corporation) C:\Users\Wilhelms\Downloads\OKB3C042_DEU104_tcm3-135170.exe 2014-02-25 09:31 - 2014-02-25 09:31 - 00003254 _____ () C:\Windows\System32\Tasks\{F5AF33FE-0D6B-43F9-A2C4-9AC95B3C40D7} 2014-02-25 09:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Web 2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-02-23 20:02 - 2014-02-23 20:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-02-22 20:01 - 2014-02-06 17:39 - 00000000 ____D () 
C:\Users\Wilhelms\AppData\Local\Adobe 2014-02-22 19:58 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\InstallShield 2014-02-22 19:57 - 2014-02-22 19:57 - 00000000 ____D () C:\Program Files\Okidata 2014-02-22 19:55 - 2014-02-22 19:55 - 00002031 _____ () C:\Users\Public\Desktop\Template Manager 4.0.lnk 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\Documents\Template Manager 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\InstallShield 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\ProgramData\Template Manager 2014-02-22 19:54 - 2014-02-22 19:54 - 00000000 ____D () C:\Program Files (x86)\Okidata 2014-02-22 19:52 - 2014-02-22 19:52 - 00000407 _____ () C:\Windows\MAXLINK.INI 2014-02-22 19:52 - 2014-02-22 19:52 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-02-22 19:51 - 2014-02-22 19:51 - 00000000 ____D () C:\Program Files (x86)\ScanSoft 2014-02-22 19:36 - 2014-02-22 19:36 - 00000000 ____D () C:\ProgramData\Okidata 2014-02-20 22:45 - 2014-02-20 22:45 - 00000000 ____D () C:\Style 2014-02-19 11:21 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\.gimp-2.8 2014-02-19 11:13 - 2014-02-19 11:13 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\webkit 2014-02-19 11:12 - 2014-02-19 11:12 - 00000893 _____ () C:\Users\Public\Desktop\GIMP 2.lnk 2014-02-19 10:34 - 2014-02-19 10:34 - 00003304 _____ () C:\Users\Wilhelms\AppData\Local\recently-used.xbel 2014-02-19 10:34 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gtk-2.0 2014-02-19 10:07 - 2014-02-19 10:07 - 00000000 ____D () C:\Users\Wilhelms\.thumbnails 2014-02-19 10:06 - 2014-02-19 10:06 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\gegl-0.2 2014-02-19 10:04 - 2014-02-19 10:04 - 00000000 ____D () C:\Program Files\GIMP 2 2014-02-19 09:38 - 2014-02-19 09:32 - 90396104 _____ (The GIMP Team ) C:\Users\Wilhelms\Downloads\gimp-2.8.10-setup.exe 2014-02-19 08:41 - 2014-02-19 08:41 - 00005298 _____ () 
C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-02-19 08:41 - 2014-02-19 08:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-19 08:41 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-18 19:23 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Roaming\Windows Live Writer 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Windows Live Writer 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{6FF997C2-2B85-4A05-9162-404303D1463F} 2014-02-18 19:18 - 2014-02-18 19:18 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\{2B3194B4-E0FE-430F-8F1A-692B86C2406B} 2014-02-18 18:52 - 2014-02-18 18:52 - 00001726 _____ () C:\Users\Public\Desktop\Sprengnetter-Bibliothek 25.0.lnk 2014-02-18 18:51 - 2014-02-18 18:51 - 00000000 ____D () C:\WFSoftware 2014-02-18 18:45 - 2014-02-18 15:07 - 00000000 ____D () C:\Program Files (x86)\WFSoftware 2014-02-18 18:35 - 2014-02-18 18:13 - 330404011 _____ () C:\Users\Wilhelms\Downloads\bibliothek.zip 2014-02-18 18:28 - 2013-05-20 09:41 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-18 18:28 - 2013-05-20 09:41 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-18 16:57 - 2014-02-18 16:57 - 00000000 ____D () C:\ProgramData\Sprengnetter 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ___SD () C:\Users\Public\Desktop\Sprengnetter-Software 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\ProgramData\Sun 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Firebird 2014-02-18 15:08 - 2014-02-18 15:08 - 00000000 ____D () C:\Program Files (x86)\Borland 2014-02-18 14:56 - 2014-02-18 14:24 - 441516978 _____ () C:\Users\Wilhelms\Downloads\Setup_2013.zip 2014-02-18 13:41 - 2014-02-18 13:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-18 13:41 - 
2014-02-18 13:41 - 00000000 ____D () C:\Users\Wilhelms\AppData\Local\Skype
2014-02-18 13:41 - 2014-02-18 13:41 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 13:40 - 2014-02-18 13:37 - 35670176 _____ (Skype Technologies S.A.) C:\Users\Wilhelms\Downloads\SkypeSetup13Full.exe
2014-02-18 13:36 - 2014-02-18 13:36 - 00008360 _____ () C:\Windows\system32\lvcoinst.log
2014-02-18 13:36 - 2014-02-18 13:36 - 00000000 ____D () C:\Program Files\Common Files\logishrd

Some content of TEMP:
====================
C:\Users\Wilhelms\AppData\Local\Temp\FPPSetup.exe
C:\Users\Wilhelms\AppData\Local\Temp\lowproc.exe
C:\Users\Wilhelms\AppData\Local\Temp\RealPlayer2_20140108.exe
C:\Users\Wilhelms\AppData\Local\Temp\stubhelper.dll
C:\Users\Wilhelms\AppData\Local\Temp\weather-it-up_20140311.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-11 10:55

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 15:49:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC56 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wilhelms\AppData\Local\Temp\fftdipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files (x86)\PureSync\PureSyncTray.exe[3964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files (x86)\PureSync\PureSyncTray.exe[3964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2
.text C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe[4220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076281465 2 bytes [28, 76]
.text C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe[4220] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000762814bb 2 bytes [28, 76]
.text ... * 2

---- Processes - GMER 2.1 ----

Process C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe (*** suspicious ***) @ C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1652](2014-03-19 07:42:39) 0000000000400000
Library C:\Users\Wilhelms\AppData\Roaming\BupSystem\sub\default.dll (*** suspicious ***) @ C:\Users\Wilhelms\AppData\Roaming\BupSystem\bup.exe [1652](2014-03-19 07:42:48) 0000000002f50000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----