Pests of all kinds and how to fight them: Browser keeps redirecting me - how can I change this

Windows 7: If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
01.04.2014, 16:19 | #16
Browser keeps redirecting me - how can I change this

Hm, hello Cosinus, well ... I must be a bit out of sorts today :-(. So here is the Addition now:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Alexander at 2014-04-01 17:14:06 Running from C:\Users\Alexander\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) AMD Accelerated Video Transcoding (Version: 13.15.100.31001 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1001.1804.30597 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{E722C305-F584-0E98-E742-8884D07EB1CC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) BlockAndSurf (HKLM-x32\...\c4ee05be-ade6-438d-8333-4dec7508a8bd) (Version: - BlockAndSurf software) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Profiles Desktop (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) 
Hidden Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo) FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo) Flash Player Pro V5.86 (HKLM-x32\...\Flash Player Pro_is1) (Version: 5.86 - FlashPlayerPro.com) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo) Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.14.0 - Lenovo Group Limited) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) 
Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited) LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 
(HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Samsung Easy Color Manager (HKLM-x32\...\{778EACF8-06C1-47AA-9284-91550E9BAD39}) (Version: 3.02.04 - Samsung Electronics Co., Ltd.) Shopping Helper Smartbar (HKLM-x32\...\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION ==================== Restore Points ========================= 28-03-2014 22:31:54 Windows Modules Installer 31-03-2014 21:00:34 Installiert Samsung Easy Color Manager ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05E1DFA4-6ED2-4186-A780-6B5AA8B66890} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {07EB16C2-9696-47FD-9B21-DBE44D956DD4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1747F984-D989-4FCF-AAA5-595DE082C00A} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2A9333A0-3904-4EA8-AFE6-D92285F9FA88} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-09-17] () Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2DF49F53-D479-4992-9C94-070674009889} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-03-14] (Lenovo) Task: {34A904F7-E31D-4F7F-9D9B-DF9EB6703CC9} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {444D6DE6-A10F-4D71-A258-05192CA28D49} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - 
System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4AACBB93-5DDB-4ED8-92AE-72AB0B69EFB7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {4B9576B3-6725-47FE-AEA7-D64AB20634AF} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe Task: {6766BD9C-BEC2-4FBB-91CB-92C52527655D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {8CE8B90F-F4F9-4C3C-BDF9-A316F279C187} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-02] (Microsoft Corporation) Task: {93C4B129-6903-4277-95EA-7A6BA707343F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-29] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - 
System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A7F18A53-4BE0-4AFF-9706-170951FD6589} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] () Task: {B572A00D-8756-428C-83EE-A833C5F3AD21} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {C204D107-5878-427A-A845-AFC2BAEFE969} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {C7276967-9FE1-4764-9ED8-F3444EC02C63} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {CE0378D0-F40E-4BAB-99E9-9C41EDC6E4CC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D1F0C021-0BF3-4A79-B5F5-604C87576885} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-09-17] () Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB3DC54F-A1B4-4021-88AB-05A134698FB6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E89514B0-8906-4813-945F-6CDE57DECF63} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] () Task: {EAB6C5BC-0E81-495F-B9F8-2E8F743B2DE0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {EB5C6E42-B56D-4BB8-928F-C5B77CD98FD9} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {FA933DE3-73AF-45E5-9138-E4C482187604} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {FD08ED33-404C-4AF9-9D17-77EB7EDF8439} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe Task: C:\WINDOWS\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-29 09:03 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-29 00:58 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-01-17 19:15 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-01-17 19:38 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-08-22 14:31 - 2013-08-22 14:31 - 00204288 _____ () C:\WINDOWS\system32\SaMinDr8.dll 2014-01-17 19:15 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-01-17 19:15 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2014-03-29 09:03 - 2014-03-29 10:57 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2014-01-17 19:14 - 2013-09-12 11:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-03-29 09:13 - 2014-03-29 11:11 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll 2014-03-29 
09:03 - 2014-03-29 10:57 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\Alexander\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2014 08:59:28 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/30/2014 10:07:36 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/30/2014 09:55:58 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:56:33 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:34:46 AM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 17a0 Startzeit: 01cf4b20a581d85d Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 99253da2-b714-11e3-8257-c03fd538b4d3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 09:15:57 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:15:51 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:15:04 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:05:47 AM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1aa0 Startzeit: 01cf4b1c9984689a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 8d15e0d3-b710-11e3-8257-c03fd538b4d3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 08:53:29 AM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 684 Startzeit: 01cf4b1ae0158a0a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: d4a1f0ec-b70e-11e3-8257-c03fd538b4d3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (04/01/2014 02:04:20 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ADMIN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35A189F7-5541-4AA3-AD13-9B24B5D97546}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (04/01/2014 02:03:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 01:53:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 01:53:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (04/01/2014 01:52:57 PM) (Source: GeneStor) (User: ) Description: GeneStor driver startedGeneStor driver started (2) Error: (04/01/2014 01:40:21 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ADMIN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35A189F7-5541-4AA3-AD13-9B24B5D97546}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/01/2014 00:40:18 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ADMIN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35A189F7-5541-4AA3-AD13-9B24B5D97546}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/01/2014 11:16:55 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ADMIN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35A189F7-5541-4AA3-AD13-9B24B5D97546}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (04/01/2014 08:48:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/31/2014 09:46:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/01/2014 08:59:28 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2014 10:07:36 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2014 09:55:58 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:56:33 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:34:46 AM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.4.9600.1638417a001cf4b20a581d85d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe99253da2-b714-11e3-8257-c03fd538b4d3microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 09:15:57 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:15:51 AM) (Source: SideBySide)(User: ) Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:15:04 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Program Files (x86)\Real\RealPlayer\realplay.exe Error: (03/29/2014 09:05:47 AM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.4.9600.163841aa001cf4b1c9984689a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe8d15e0d3-b710-11e3-8257-c03fd538b4d3microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 08:53:29 AM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.4.9600.1638468401cf4b1ae0158a0a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exed4a1f0ec-b70e-11e3-8257-c03fd538b4d3microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 12236.27 MB Available physical RAM: 10112.45 MB Total Pagefile: 14668.27 MB Available Pagefile: 12496.4 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:920.8 GB) (Free:883.67 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (TectRoyal 2014) (Fixed) (Total:915.95 GB) (Free:893.16 GB) NTFS Drive f: (TR FILESAFE) (Removable) (Total:119.21 GB) (Free:119.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 5CF5C1CF) Partition: GPT Partition Type. 
======================================================== Disk: 1 (Size: 119 GB) (Disk ID: 4BD5CF4E) Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ==================== End Of Log ============================
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Alexander (administrator) on ARBEITSPLATZ01 on 01-04-2014 17:13:44 Running from C:\Users\Alexander\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe () C:\Windows\jmesoft\Service.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\jmesoft\JME_LOAD.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe (Microsoft Corporation) C:\WINDOWS\sysWow64\SearchProtocolHost.exe (Microsoft Corporation) C:\WINDOWS\splwow64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-01] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [jmekey] - C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () HKLM-x32\...\Run: [LVT] - C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [Lenovo App Shop] - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-29] (RealNetworks, Inc.) 
HKLM\...\Policies\Explorer: [NoControlPanel] 0 Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5613BAD6-6C53-43C6-88B2-BE3DA76414A8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {5613BAD6-6C53-43C6-88B2-BE3DA76414A8} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF 
Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 217.237.150.188 217.237.151.142 FireFox: ======== FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\l8jk90oa.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Redirect Cleaner - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\l8jk90oa.default\Extensions\redirectcleaner@example.net.xpi [2014-03-31] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-29] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-17] ==================== Services (Whitelisted) ================= R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.) 
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-21] (GenesysLogic) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) 
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation ) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-01-18] (Microsoft Corporation) R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-01 14:21 - 2014-04-01 14:21 - 00000000 ____D () C:\Users\Alexander\Downloads\Alt 2014-03-31 23:27 - 2014-03-31 23:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\InstallShield 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Program Files (x86)\Samsung Easy Color Manager 2014-03-31 22:57 - 2014-03-31 22:59 - 49677664 _____ (Macrovision Corporation) C:\Users\Alexander\Downloads\EasyColorManager_V3.02.04.exe 2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2014-03-31 19:47 - 2014-03-31 19:47 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-31 19:37 - 2014-03-31 19:39 - 00000000 ____D () C:\AdwCleaner 
2014-03-31 18:56 - 2014-03-31 18:56 - 01038974 _____ (Thisisu) C:\Users\Alexander\Downloads\JRT.exe 2014-03-31 18:55 - 2014-03-31 18:55 - 01950720 _____ () C:\Users\Alexander\Downloads\adwcleaner.exe 2014-03-31 18:23 - 2014-03-31 18:23 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 18:22 - 2014-03-31 18:22 - 01110476 _____ () C:\Users\Alexander\Downloads\7z920.exe 2014-03-31 18:09 - 2014-04-01 17:13 - 00018173 _____ () C:\Users\Alexander\Downloads\FRST.txt 2014-03-31 18:09 - 2014-04-01 17:13 - 00000000 ____D () C:\FRST 2014-03-31 18:06 - 2014-03-31 18:06 - 02157056 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe 2014-03-31 12:26 - 2014-03-31 12:33 - 00000000 ____D () C:\Users\Alexander\Documents\ELOFA Änderung SDB 2014-03-30 23:22 - 2014-04-01 13:53 - 00003360 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 23:22 - 2014-04-01 13:53 - 00003308 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 19:14 - 2014-03-30 19:14 - 00000000 ____D () C:\Users\Alexander\Documents\OneNote-Notizbücher 2014-03-30 14:24 - 2013-12-09 02:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-03-30 14:24 - 2013-12-09 01:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-03-30 14:23 - 2014-01-07 09:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-03-30 14:23 - 2014-01-07 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-03-30 14:23 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2014-03-30 14:23 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2014-03-30 14:23 - 2013-11-09 08:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-03-30 14:23 - 2013-11-09 08:34 - 00287744 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\mdmregistration.dll 2014-03-30 14:23 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2014-03-30 11:50 - 2014-03-30 11:52 - 00000000 ____D () C:\Users\Alexander\Documents\Office2013 Schulungsdateien 2014-03-30 09:55 - 2014-03-30 09:59 - 00003382 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:59 - 00003330 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:55 - 00003402 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 21:15 - 2014-03-29 21:15 - 00099919 _____ () C:\Users\Alexander\Downloads\videocacheview265_Download.zip 2014-03-29 21:06 - 2014-03-29 21:06 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Macromedia 2014-03-29 21:04 - 2014-03-29 21:04 - 00002197 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-03-29 19:05 - 2014-03-29 19:07 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Mozilla 2014-03-29 19:05 - 2014-03-29 19:05 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-29 19:05 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 18:49 - 2014-03-29 18:49 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-29 18:49 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\LSC 2014-03-29 18:47 - 2014-04-01 13:10 - 00000000 ____D () C:\ProgramData\hps 2014-03-29 18:47 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\tmp 2014-03-29 17:01 - 2014-03-29 17:01 - 
00011264 ___SH () C:\Users\Alexander\Desktop\Thumbs.db 2014-03-29 16:45 - 2014-03-31 18:47 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help 2014-03-29 16:06 - 2014-03-29 16:06 - 00086904 _____ () C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-29 16:06 - 2014-03-29 16:06 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\PDF Architect 2014-03-29 16:01 - 2014-03-29 16:04 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-29 16:01 - 2014-03-29 16:01 - 00001058 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00001020 _____ () C:\Users\Alexander\Desktop\PDF Architect.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Users\Alexander\Documents\PDF Architect Files 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-29 16:01 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll 2014-03-29 16:01 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMAPI32.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPIDE.DLL 2014-03-29 16:01 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6DE.DLL 2014-03-29 16:01 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCMCDE.DLL 2014-03-29 16:01 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCC2DE.DLL 2014-03-29 15:54 - 2014-03-29 15:57 - 69734576 _____ (pdfforge ) C:\Users\Alexander\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 
____D () C:\Users\Alexander\AppData\Roaming\FileOpen 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\ProgramData\FileOpen 2014-03-29 15:26 - 2014-03-31 21:34 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro PDF 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Local\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\ProgramData\ATI 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\WebApp 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\Documents\CyberLink 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\CyberLink 2014-03-29 11:58 - 2014-04-01 17:13 - 00000000 ____D () C:\Users\Alexander\Documents\Outlook-Dateien 2014-03-29 11:37 - 2014-04-01 16:32 - 00005176 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 2014-03-29 11:37 - 2014-03-29 11:37 - 00003116 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 11:15 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) 
C:\WINDOWS\system32\Drivers\HipShieldK.sys 2014-03-29 10:53 - 2014-03-29 10:53 - 00003570 _____ () C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask 2014-03-29 10:30 - 2014-03-29 10:30 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys 2014-03-29 09:41 - 2014-03-29 09:44 - 00001130 _____ () C:\Users\Alexander\Desktop\Flash Player Pro.lnk 2014-03-29 09:41 - 2014-03-29 09:44 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro 2014-03-29 09:41 - 2014-03-29 09:41 - 00000000 ____D () C:\Users\Alexander\Documents\Flash Player Pro 2014-03-29 09:38 - 2014-03-29 09:38 - 00229664 _____ (Premium Installer ) C:\Users\Alexander\Downloads\Media_Player_Setup.exe 2014-03-29 09:36 - 2014-03-29 09:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-29 09:36 - 2014-03-02 15:05 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-29 09:32 - 2014-03-29 09:32 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-03-29 09:32 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-29 09:32 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-29 09:32 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-29 09:32 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-29 09:32 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-29 09:32 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-29 09:32 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-29 09:32 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-29 09:32 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-29 09:32 - 2014-03-01 05:10 - 02334208 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-29 09:32 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-29 09:32 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-29 09:32 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-29 09:32 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-29 09:32 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-29 09:32 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-29 09:32 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-29 09:32 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-03-29 09:32 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-03-29 09:32 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-03-29 09:32 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-03-29 09:32 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-03-29 09:32 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-03-29 09:32 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-03-29 09:32 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-03-29 09:32 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-03-29 09:32 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-03-29 09:32 - 2014-02-06 12:17 - 00195584 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msrating.dll 2014-03-29 09:32 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-03-29 09:32 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-03-29 09:32 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-03-29 09:32 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-03-29 09:32 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-03-29 09:32 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-03-29 09:32 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-03-29 09:32 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-03-29 09:32 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-03-29 09:31 - 2014-04-01 09:31 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job 2014-03-29 09:31 - 2014-03-29 10:48 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job 2014-03-29 09:31 - 2014-03-29 09:55 - 00000380 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job 2014-03-29 09:31 - 2014-03-29 09:31 - 00002818 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1 2014-03-29 09:31 - 2014-03-29 09:31 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3 2014-03-29 09:31 - 2014-03-29 09:31 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2 2014-03-29 09:29 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-29 09:29 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-29 09:29 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-29 09:29 - 2014-01-31 18:15 - 00311640 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-03-29 09:29 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-03-29 09:29 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-03-29 09:29 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-29 09:29 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-03-29 09:29 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-03-29 09:29 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2014-03-29 09:29 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2014-03-29 09:29 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-03-29 09:29 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-03-29 09:29 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-03-29 09:29 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-29 09:29 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-29 09:29 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-29 09:29 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-29 09:29 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-29 09:29 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-29 09:29 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-29 09:29 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-29 09:29 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-29 09:29 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-29 09:29 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-29 09:29 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-29 09:29 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-29 09:29 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-29 09:29 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-29 09:29 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-29 09:29 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-29 09:29 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-29 09:29 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-29 09:29 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-29 09:29 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-29 09:29 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2014-03-29 09:28 - 2014-01-08 03:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2014-03-29 09:28 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-03-29 09:28 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-03-29 09:28 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 
2014-03-29 09:28 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-03-29 09:28 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-03-29 09:28 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-03-29 09:28 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-03-29 09:28 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-03-29 09:28 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-03-29 09:28 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-03-29 09:28 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-03-29 09:28 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-03-29 09:28 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-03-29 09:28 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-03-29 09:28 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-03-29 09:28 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2014-03-29 09:28 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-03-29 09:28 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2014-03-29 09:28 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2014-03-29 09:28 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-03-29 09:28 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-03-29 09:28 - 2013-12-27 11:21 - 
13192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-03-29 09:28 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2014-03-29 09:28 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-03-29 09:28 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-03-29 09:28 - 2013-12-27 09:27 - 11688448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-03-29 09:28 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2014-03-29 09:28 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-03-29 09:28 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-03-29 09:28 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll 2014-03-29 09:28 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2014-03-29 09:28 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-03-29 09:28 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-03-29 09:28 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2014-03-29 09:28 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll 2014-03-29 09:28 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll 2014-03-29 09:28 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-03-29 09:28 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-03-29 09:28 - 2013-12-09 01:43 - 01104896 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SearchFolder.dll 2014-03-29 09:28 - 2013-12-09 01:25 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-03-29 09:27 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-29 09:27 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-29 09:26 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-03-29 09:26 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-03-29 09:26 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-03-29 09:26 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-03-29 09:26 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-03-29 09:26 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-03-29 09:26 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-29 09:26 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-29 09:26 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-29 09:23 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-03-29 09:23 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-29 09:22 - 2013-12-09 02:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-03-29 09:22 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-03-29 09:22 - 2013-11-27 17:34 - 03210528 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msmpeg2vdec.dll 2014-03-29 09:22 - 2013-11-27 17:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-03-29 09:22 - 2013-11-27 16:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-03-29 09:22 - 2013-11-27 15:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-03-29 09:22 - 2013-11-27 14:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-03-29 09:22 - 2013-11-27 12:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-03-29 09:22 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-03-29 09:22 - 2013-11-27 11:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-03-29 09:22 - 2013-11-27 11:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-03-29 09:22 - 2013-11-27 11:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-03-29 09:22 - 2013-11-27 10:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-03-29 09:22 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-03-29 09:22 - 2013-11-27 10:20 - 04106240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-03-29 09:22 - 2013-11-26 15:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-03-29 09:22 - 2013-11-26 15:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-03-29 09:22 - 2013-11-26 13:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-03-29 09:22 - 2013-11-25 03:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-03-29 09:22 - 2013-11-25 03:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-03-29 09:22 - 2013-11-25 01:30 - 00513536 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-03-29 09:22 - 2013-11-25 01:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-03-29 09:22 - 2013-11-23 14:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-03-29 09:22 - 2013-11-23 09:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-03-29 09:22 - 2013-11-23 09:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-03-29 09:22 - 2013-11-23 09:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-03-29 09:22 - 2013-11-23 06:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-03-29 09:22 - 2013-11-23 05:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-03-29 09:22 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-03-29 09:22 - 2013-11-21 08:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-03-29 09:22 - 2013-11-21 08:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-03-29 09:22 - 2013-11-15 16:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-03-29 09:22 - 2013-11-15 16:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-03-29 09:22 - 2013-11-15 16:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-03-29 09:22 - 2013-11-15 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-03-29 09:22 - 2013-10-31 02:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-03-29 09:22 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-03-29 09:20 - 2013-12-11 09:55 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-03-29 09:17 - 2013-11-11 04:48 - 00039768 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-03-29 09:17 - 2013-11-09 08:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2014-03-29 09:17 - 2013-11-09 07:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2014-03-29 09:17 - 2013-11-08 12:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-03-29 09:17 - 2013-11-08 06:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-03-29 09:17 - 2013-11-08 06:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-03-29 09:17 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-03-29 09:17 - 2013-11-08 05:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-03-29 09:17 - 2013-11-08 05:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-03-29 09:17 - 2013-11-05 16:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2014-03-29 09:17 - 2013-11-05 15:17 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-03-29 09:17 - 2013-11-04 15:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-03-29 09:17 - 2013-11-04 13:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-03-29 09:17 - 2013-11-04 12:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-03-29 09:17 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-03-29 09:17 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2014-03-29 09:17 - 2013-11-01 13:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-03-29 09:17 - 2013-11-01 08:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2014-03-29 09:17 - 
2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2014-03-29 09:17 - 2013-10-31 02:58 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-03-29 09:17 - 2013-10-31 02:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-03-29 09:17 - 2013-10-31 02:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2014-03-29 09:17 - 2013-10-31 02:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2014-03-29 09:17 - 2013-10-26 03:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys 2014-03-29 09:17 - 2013-10-24 11:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-03-29 09:17 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-03-29 09:17 - 2013-10-17 13:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-03-29 09:17 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-03-29 09:17 - 2013-10-05 16:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-03-29 09:17 - 2013-10-05 16:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-03-29 09:17 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-03-29 09:17 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-03-29 09:16 - 2014-03-29 09:16 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:16 - 00000324 _____ () C:\Users\Alexander\AppData\Roaming\aps.uninstall.scan.results 2014-03-29 09:15 - 2014-03-29 09:15 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00201872 _____ (RealNetworks, Inc.) 
C:\WINDOWS\SysWOW64\rmoc3260.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00001295 _____ () C:\Users\Public\Desktop\RealPlayer.lnk 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-03-29 09:14 - 2014-03-29 15:34 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Real 2014-03-29 09:14 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\Real 2014-03-29 09:13 - 2014-04-01 13:53 - 00000446 _____ () C:\WINDOWS\Tasks\BlockAndSurf_wd.job 2014-03-29 09:13 - 2014-04-01 13:53 - 00000442 _____ () C:\WINDOWS\Tasks\BlockAndSurf Update.job 2014-03-29 09:13 - 2014-04-01 13:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 09:13 - 2014-03-29 09:13 - 00003090 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf Update 2014-03-29 09:13 - 2014-03-29 09:13 - 00003034 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf_wd 2014-03-29 09:09 - 2014-03-29 09:21 - 00000000 ____D () C:\ProgramData\Real 2014-03-29 09:09 - 2014-03-28 17:38 - 01172776 _____ (AnyProtect.com) C:\Users\Alexander\AppData\Local\AnyProtectScannerSetup.exe 2014-03-29 09:07 - 2014-01-07 07:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-03-29 09:07 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-03-29 09:07 - 2013-12-09 02:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-03-29 09:07 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-03-29 09:07 - 2013-11-21 08:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-03-29 09:07 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\d2d1.dll 2014-03-29 09:07 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2014-03-29 09:07 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2014-03-29 09:04 - 2013-12-09 04:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-03-29 09:04 - 2013-12-09 03:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-03-29 09:04 - 2013-10-15 10:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2014-03-29 09:04 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2014-03-29 09:03 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Mozilla 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 08:57 - 2014-03-29 09:00 - 00000000 ____D () C:\Users\Alexander\AppData\Local\cache 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\.android 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 _____ () C:\Users\Alexander\daemonprocess.txt 2014-03-29 08:53 - 2014-03-29 08:54 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LPT 2014-03-29 08:50 - 2014-03-31 16:10 - 00002183 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Lokale 
Einstellungen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-03-29 01:33 - 2014-03-29 01:33 - 00000000 ____D () 
C:\Users\Alexander\Documents\Benutzerdefinierte Office-Vorlagen 2014-03-29 01:18 - 2014-03-29 01:18 - 00000000 __RHD () C:\MSOCache 2014-03-29 01:05 - 2014-03-29 21:05 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe 2014-03-29 01:05 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LSC 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-03-29 00:58 - 2014-03-29 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-29 00:58 - 2014-03-29 10:56 - 00962240 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\Setup.X86.de-DE_HomeBusinessRetail_5cf0bcd6-92ef-4fef-b9b2-43d327b58416_TX_DB_.exe 2014-03-29 00:45 - 2014-04-01 17:05 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{514E0437-3AB4-468C-B646-7FAA7ADECD18} 2014-03-29 00:45 - 2014-04-01 15:40 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 00:42 - 2014-04-01 08:38 - 00000000 __RDO () C:\Users\Alexander\SkyDrive 2014-03-29 00:41 - 2014-03-29 08:50 - 00002337 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Public\Pokki 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Intel Corporation 2014-03-29 00:40 - 2014-04-01 13:53 - 00000369 _____ () C:\Users\Alexander\AppData\Local\RegisteredPackageInformation.xml 2014-03-29 00:40 - 2014-03-31 19:39 - 00001026 _____ () 
C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-29 00:40 - 2014-03-30 19:14 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-29 00:40 - 2014-03-30 11:52 - 00000000 ____D () C:\Users\Alexander\AppData\Local\VirtualStore 2014-03-29 00:40 - 2014-03-29 10:53 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-29 00:40 - 2014-03-29 01:04 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Adobe 2014-03-29 00:40 - 2014-03-29 00:42 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Power2Go 2014-03-29 00:39 - 2014-03-31 10:29 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages 2014-03-29 00:39 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander 2014-03-29 00:39 - 2014-03-29 00:39 - 00000020 ___SH () C:\Users\Alexander\ntuser.ini 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Vorlagen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Startmenü 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Netzwerkumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Lokale Einstellungen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Eigene Dateien 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Druckumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Musik 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Bilder 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 
_SHDL () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Verlauf 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\ProgramData\eBay 2014-03-29 00:39 - 2014-01-17 19:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Macromedia 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-29 00:30 - 2014-04-01 15:52 - 01714340 _____ () C:\WINDOWS\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2014-04-01 17:13 - 2014-03-31 18:09 - 00018173 _____ () C:\Users\Alexander\Downloads\FRST.txt 2014-04-01 17:13 - 2014-03-31 18:09 - 00000000 ____D () C:\FRST 2014-04-01 17:13 - 2014-03-29 11:58 - 00000000 ____D () C:\Users\Alexander\Documents\Outlook-Dateien 2014-04-01 17:05 - 2014-03-29 00:45 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{514E0437-3AB4-468C-B646-7FAA7ADECD18} 2014-04-01 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-01 16:32 - 2014-03-29 11:37 - 00005176 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 2014-04-01 15:52 - 2014-03-29 00:30 - 01714340 _____ () 
C:\WINDOWS\WindowsUpdate.log 2014-04-01 15:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-04-01 15:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-04-01 15:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-01 15:40 - 2014-03-29 00:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-01 14:21 - 2014-04-01 14:21 - 00000000 ____D () C:\Users\Alexander\Downloads\Alt 2014-04-01 13:57 - 2014-01-18 04:01 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-01 13:57 - 2014-01-18 04:01 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-01 13:57 - 2014-01-17 19:35 - 00001871 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2014-04-01 13:57 - 2013-08-31 17:40 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-01 13:53 - 2014-03-30 23:22 - 00003360 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-01 13:53 - 2014-03-30 23:22 - 00003308 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-01 13:53 - 2014-03-29 09:13 - 00000446 _____ () C:\WINDOWS\Tasks\BlockAndSurf_wd.job 2014-04-01 13:53 - 2014-03-29 09:13 - 00000442 _____ () C:\WINDOWS\Tasks\BlockAndSurf Update.job 2014-04-01 13:53 - 2014-03-29 09:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-01 13:53 - 2014-03-29 00:40 - 00000369 _____ () C:\Users\Alexander\AppData\Local\RegisteredPackageInformation.xml 2014-04-01 13:53 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-01 13:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-01 13:47 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-04-01 13:10 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\hps 2014-04-01 09:31 - 
2014-03-29 09:31 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job 2014-04-01 08:38 - 2014-03-29 00:42 - 00000000 __RDO () C:\Users\Alexander\SkyDrive 2014-03-31 23:27 - 2014-03-31 23:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-03-31 23:27 - 2013-08-22 16:46 - 00020404 _____ () C:\WINDOWS\setupact.log 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\InstallShield 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Program Files (x86)\Samsung Easy Color Manager 2014-03-31 23:00 - 2014-01-17 19:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-31 22:59 - 2014-03-31 22:57 - 49677664 _____ (Macrovision Corporation) C:\Users\Alexander\Downloads\EasyColorManager_V3.02.04.exe 2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2014-03-31 21:34 - 2014-03-29 15:26 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro PDF 2014-03-31 21:34 - 2014-01-17 19:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-03-31 21:34 - 2014-01-17 19:16 - 00000000 ____D () C:\ProgramData\Lenovo 2014-03-31 19:47 - 2014-03-31 19:47 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-31 19:41 - 2014-01-17 19:34 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-03-31 19:40 - 2013-08-31 17:36 - 00009586 _____ () C:\WINDOWS\PFRO.log 2014-03-31 19:39 - 2014-03-31 19:37 - 00000000 ____D () C:\AdwCleaner 2014-03-31 19:39 - 2014-03-29 00:40 - 00001026 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-31 18:56 - 2014-03-31 18:56 - 01038974 _____ (Thisisu) C:\Users\Alexander\Downloads\JRT.exe 2014-03-31 18:55 - 2014-03-31 18:55 - 01950720 _____ () C:\Users\Alexander\Downloads\adwcleaner.exe 2014-03-31 18:47 - 2014-03-29 16:45 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help 2014-03-31 18:23 - 
2014-03-31 18:23 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 18:22 - 2014-03-31 18:22 - 01110476 _____ () C:\Users\Alexander\Downloads\7z920.exe 2014-03-31 18:06 - 2014-03-31 18:06 - 02157056 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe 2014-03-31 16:10 - 2014-03-29 08:50 - 00002183 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk 2014-03-31 12:33 - 2014-03-31 12:26 - 00000000 ____D () C:\Users\Alexander\Documents\ELOFA Änderung SDB 2014-03-31 10:29 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages 2014-03-31 09:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-03-31 07:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-03-30 19:14 - 2014-03-30 19:14 - 00000000 ____D () C:\Users\Alexander\Documents\OneNote-Notizbücher 2014-03-30 19:14 - 2014-03-29 00:40 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 11:52 - 2014-03-30 11:50 - 00000000 ____D () C:\Users\Alexander\Documents\Office2013 Schulungsdateien 2014-03-30 11:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\VirtualStore 2014-03-30 09:59 - 2014-03-30 09:55 - 00003382 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:59 - 2014-03-30 09:55 - 00003330 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:55 - 00003402 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 21:15 - 2014-03-29 21:15 - 00099919 _____ () C:\Users\Alexander\Downloads\videocacheview265_Download.zip 2014-03-29 21:06 - 2014-03-29 21:06 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Macromedia 2014-03-29 21:05 - 2014-03-29 01:05 - 00000000 ____D () 
C:\Users\Alexander\AppData\Local\Adobe 2014-03-29 21:04 - 2014-03-29 21:04 - 00002197 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-03-29 19:07 - 2014-03-29 19:05 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Mozilla 2014-03-29 19:05 - 2014-03-29 19:05 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-29 19:05 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 19:05 - 2014-03-29 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 18:56 - 2014-01-17 19:16 - 00000000 ____D () C:\Program Files\lenovo 2014-03-29 18:49 - 2014-03-29 18:49 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-29 18:49 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\LSC 2014-03-29 18:49 - 2014-03-29 01:05 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LSC 2014-03-29 18:48 - 2014-01-17 19:40 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-03-29 18:47 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\tmp 2014-03-29 17:01 - 2014-03-29 17:01 - 00011264 ___SH () C:\Users\Alexander\Desktop\Thumbs.db 2014-03-29 16:06 - 2014-03-29 16:06 - 00086904 _____ () C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-29 16:06 - 2014-03-29 16:06 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\PDF Architect 2014-03-29 16:04 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-29 16:01 - 2014-03-29 16:01 - 00001058 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00001020 _____ () C:\Users\Alexander\Desktop\PDF Architect.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Users\Alexander\Documents\PDF Architect Files 2014-03-29 16:01 
- 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-29 15:57 - 2014-03-29 15:54 - 69734576 _____ (pdfforge ) C:\Users\Alexander\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\FileOpen 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\ProgramData\FileOpen 2014-03-29 15:34 - 2014-03-29 09:14 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Real 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Local\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\ProgramData\ATI 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\WebApp 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\Documents\CyberLink 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\CyberLink 2014-03-29 15:17 - 2014-01-17 19:37 - 00000000 ____D () C:\ProgramData\CyberLink 2014-03-29 11:37 - 2014-03-29 11:37 - 00003116 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 11:09 - 2014-01-17 19:34 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-03-29 11:08 - 2014-01-17 19:34 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-29 11:08 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-03-29 10:57 - 2014-03-29 00:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-29 10:56 - 2014-03-29 00:58 - 00962240 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\Setup.X86.de-DE_HomeBusinessRetail_5cf0bcd6-92ef-4fef-b9b2-43d327b58416_TX_DB_.exe 2014-03-29 10:53 - 2014-03-29 10:53 - 00003570 _____ () 
C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask 2014-03-29 10:53 - 2014-03-29 00:40 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-29 10:48 - 2014-03-29 09:31 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job 2014-03-29 10:48 - 2013-08-22 16:44 - 00379704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-29 10:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-29 10:45 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-03-29 10:45 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-03-29 10:30 - 2014-03-29 10:30 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys 2014-03-29 09:55 - 2014-03-29 09:31 - 00000380 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job 2014-03-29 09:44 - 2014-03-29 09:41 - 00001130 _____ () C:\Users\Alexander\Desktop\Flash Player Pro.lnk 2014-03-29 09:44 - 2014-03-29 09:41 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro 2014-03-29 09:41 - 2014-03-29 09:41 - 00000000 ____D () C:\Users\Alexander\Documents\Flash Player Pro 2014-03-29 09:38 - 2014-03-29 09:38 - 00229664 _____ (Premium Installer ) C:\Users\Alexander\Downloads\Media_Player_Setup.exe 2014-03-29 09:37 - 2014-03-29 09:36 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-29 09:36 - 2013-08-22 15:25 - 00262144 
___SH () C:\WINDOWS\system32\config\ELAM 2014-03-29 09:32 - 2014-03-29 09:32 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-03-29 09:31 - 2014-03-29 09:31 - 00002818 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1 2014-03-29 09:31 - 2014-03-29 09:31 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3 2014-03-29 09:31 - 2014-03-29 09:31 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2 2014-03-29 09:21 - 2014-03-29 09:09 - 00000000 ____D () C:\ProgramData\Real 2014-03-29 09:16 - 2014-03-29 09:16 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RealNetworks 2014-03-29 09:16 - 2014-03-29 09:15 - 00000324 _____ () C:\Users\Alexander\AppData\Roaming\aps.uninstall.scan.results 2014-03-29 09:15 - 2014-03-29 09:15 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00005632 _____ (RealNetworks, Inc.) 
C:\WINDOWS\SysWOW64\pndx5032.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00001295 _____ () C:\Users\Public\Desktop\RealPlayer.lnk 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:14 - 00000000 ____D () C:\Program Files (x86)\Real 2014-03-29 09:14 - 2014-01-17 19:35 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2014-03-29 09:14 - 2014-01-17 19:35 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2014-03-29 09:13 - 2014-03-29 09:13 - 00003090 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf Update 2014-03-29 09:13 - 2014-03-29 09:13 - 00003034 _____ () C:\WINDOWS\System32\Tasks\BlockAndSurf_wd 2014-03-29 09:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Mozilla 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 09:00 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\AppData\Local\cache 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\.android 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 _____ () C:\Users\Alexander\daemonprocess.txt 2014-03-29 08:57 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\Alexander 2014-03-29 08:54 - 2014-03-29 08:53 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LPT 2014-03-29 08:50 - 2014-03-29 00:41 - 00002337 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () 
C:\Users\Default\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () 
C:\Program Files\Gemeinsame Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-03-29 07:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-03-29 07:15 - 2013-08-22 15:36 - 00000000 ___HD () C:\Users\Default 2014-03-29 01:33 - 2014-03-29 01:33 - 00000000 ____D () C:\Users\Alexander\Documents\Benutzerdefinierte Office-Vorlagen 2014-03-29 01:18 - 2014-03-29 01:18 - 00000000 __RHD () C:\MSOCache 2014-03-29 01:04 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Adobe 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-03-29 00:42 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Lenovo 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Public\Pokki 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Intel Corporation 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Power2Go 2014-03-29 00:40 - 2014-01-18 04:46 - 00080744 ____H () C:\WINDOWS\modules.log 2014-03-29 00:39 - 2014-03-29 00:39 - 00000020 ___SH () C:\Users\Alexander\ntuser.ini 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Vorlagen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Startmenü 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () 
C:\Users\Alexander\Netzwerkumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Lokale Einstellungen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Eigene Dateien 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Druckumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Musik 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Bilder 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Verlauf 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\ProgramData\eBay 2014-03-29 00:39 - 2013-08-31 18:36 - 00000000 ____D () C:\WINDOWS\Panther 2014-03-29 00:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-03-28 17:38 - 2014-03-29 09:09 - 01172776 _____ (AnyProtect.com) C:\Users\Alexander\AppData\Local\AnyProtectScannerSetup.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-02 15:05 - 2014-03-29 09:36 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-29 09:29] - [2014-01-31 18:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2013-08-31 17:36 ==================== End Of Log ============================ --- --- --- |
01.04.2014, 22:55 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that There's still some junk in there....
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Task: {34A904F7-E31D-4F7F-9D9B-DF9EB6703CC9} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe
Task: {4B9576B3-6725-47FE-AEA7-D64AB20634AF} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe
Task: {6766BD9C-BEC2-4FBB-91CB-92C52527655D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B572A00D-8756-428C-83EE-A833C5F3AD21} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DB3DC54F-A1B4-4021-88AB-05A134698FB6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe
Task: C:\WINDOWS\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\BlockAndSurf-soft
C:\WINDOWS\Tasks\APSnotifierPP3.job
C:\WINDOWS\Tasks\APSnotifierPP2.job
C:\WINDOWS\Tasks\APSnotifierPP1.job
C:\WINDOWS\System32\Tasks\APSnotifierPP1
C:\WINDOWS\System32\Tasks\APSnotifierPP3
C:\WINDOWS\System32\Tasks\APSnotifierPP2

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
02.04.2014, 07:49 | #18 |
| Browser keeps redirecting me - how can I change that Good morning Cosinus,
Fixlog.txt is attached. Regards, Alexander

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Alexander at 2014-04-02 08:46:39 Run:2
Running from C:\Users\Alexander\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {34A904F7-E31D-4F7F-9D9B-DF9EB6703CC9} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe
Task: {4B9576B3-6725-47FE-AEA7-D64AB20634AF} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe
Task: {6766BD9C-BEC2-4FBB-91CB-92C52527655D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B572A00D-8756-428C-83EE-A833C5F3AD21} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DB3DC54F-A1B4-4021-88AB-05A134698FB6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BnSup.exe
Task: C:\WINDOWS\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\BlockAndSurf-soft
C:\WINDOWS\Tasks\APSnotifierPP3.job
C:\WINDOWS\Tasks\APSnotifierPP2.job
C:\WINDOWS\Tasks\APSnotifierPP1.job
C:\WINDOWS\System32\Tasks\APSnotifierPP1
C:\WINDOWS\System32\Tasks\APSnotifierPP3
C:\WINDOWS\System32\Tasks\APSnotifierPP2
*****************
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34A904F7-E31D-4F7F-9D9B-DF9EB6703CC9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34A904F7-E31D-4F7F-9D9B-DF9EB6703CC9} => Key deleted successfully.
C:\Windows\System32\Tasks\BlockAndSurf Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B9576B3-6725-47FE-AEA7-D64AB20634AF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B9576B3-6725-47FE-AEA7-D64AB20634AF} => Key deleted successfully.
C:\Windows\System32\Tasks\BlockAndSurf_wd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf_wd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6766BD9C-BEC2-4FBB-91CB-92C52527655D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6766BD9C-BEC2-4FBB-91CB-92C52527655D} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B572A00D-8756-428C-83EE-A833C5F3AD21} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B572A00D-8756-428C-83EE-A833C5F3AD21} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB3DC54F-A1B4-4021-88AB-05A134698FB6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB3DC54F-A1B4-4021-88AB-05A134698FB6} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP2.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP3.job => Moved successfully.
C:\WINDOWS\Tasks\BlockAndSurf Update.job => Moved successfully.
C:\WINDOWS\Tasks\BlockAndSurf_wd.job => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
"C:\Program Files (x86)\BlockAndSurf-soft" => File/Directory not found.
"C:\WINDOWS\Tasks\APSnotifierPP3.job" => File/Directory not found.
"C:\WINDOWS\Tasks\APSnotifierPP2.job" => File/Directory not found.
"C:\WINDOWS\Tasks\APSnotifierPP1.job" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\APSnotifierPP1" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\APSnotifierPP3" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\APSnotifierPP2" => File/Directory not found.
==== End of Fixlog ==== |
02.04.2014, 08:08 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that OK, control scans please. Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
02.04.2014, 10:09 | #20 |
| Browser keeps redirecting me - how can I change that Hello Cosinus, I'm a bit stressed today because my customers ... well. So I ran Malware; attached are the FRST files and the file mbam.txt. Order: Addition ... FRST ... mbam.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Alexander at 2014-04-02 09:26:53 Running from C:\Users\Alexander\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) AMD Accelerated Video Transcoding (Version: 13.15.100.31001 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1001.1804.30597 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{E722C305-F584-0E98-E742-8884D07EB1CC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) BlockAndSurf (HKLM-x32\...\c4ee05be-ade6-438d-8333-4dec7508a8bd) (Version: - BlockAndSurf software) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Profiles Desktop (x32 Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1001.1803.30597 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1001.1804.30597 - Advanced Micro Devices, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4107 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) 
Hidden Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo) FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo) Flash Player Pro V5.86 (HKLM-x32\...\Flash Player Pro_is1) (Version: 5.86 - FlashPlayerPro.com) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo) Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.14.0 - Lenovo Group Limited) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) 
Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited) LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 
(HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Samsung Easy Color Manager (HKLM-x32\...\{778EACF8-06C1-47AA-9284-91550E9BAD39}) (Version: 3.02.04 - Samsung Electronics Co., Ltd.) Shopping Helper Smartbar (HKLM-x32\...\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION ==================== Restore Points ========================= 28-03-2014 22:31:54 Windows Modules Installer 31-03-2014 21:00:34 Installiert Samsung Easy Color Manager ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05E1DFA4-6ED2-4186-A780-6B5AA8B66890} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {07EB16C2-9696-47FD-9B21-DBE44D956DD4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1747F984-D989-4FCF-AAA5-595DE082C00A} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {1EDBE656-47E5-41E7-87A8-D2A416C69E9F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2A9333A0-3904-4EA8-AFE6-D92285F9FA88} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-09-17] () Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2D5A2B91-08AB-4DD6-9D80-AF89D2C82788} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {2DF49F53-D479-4992-9C94-070674009889} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-03-14] (Lenovo) Task: {2E23F658-DF45-4540-B3F1-15CA58530842} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-02] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {444D6DE6-A10F-4D71-A258-05192CA28D49} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4AACBB93-5DDB-4ED8-92AE-72AB0B69EFB7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93C4B129-6903-4277-95EA-7A6BA707343F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-03-29] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A7F18A53-4BE0-4AFF-9706-170951FD6589} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] () Task: {C204D107-5878-427A-A845-AFC2BAEFE969} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation) Task: {C7276967-9FE1-4764-9ED8-F3444EC02C63} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D1F0C021-0BF3-4A79-B5F5-604C87576885} - 
System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-09-17] () Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E89514B0-8906-4813-945F-6CDE57DECF63} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] () Task: {EAB6C5BC-0E81-495F-B9F8-2E8F743B2DE0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {EB5C6E42-B56D-4BB8-928F-C5B77CD98FD9} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-02-19] (Lenovo) Task: {FA933DE3-73AF-45E5-9138-E4C482187604} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
==================== Loaded Modules (whitelisted) ============= 2014-03-29 09:03 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-03-29 00:58 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-01-17 19:15 - 2011-08-16 21:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-01-17 19:38 - 2013-05-14 20:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-08-22 14:31 - 2013-08-22 14:31 - 00204288 _____ () C:\WINDOWS\system32\SaMinDr8.dll 2014-01-17 19:15 - 2011-08-16 21:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-01-17 19:14 - 2013-09-12 11:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-03-29 09:19 - 2014-03-29 11:18 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-01-17 19:15 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2014-03-29 09:03 - 2014-03-29 10:57 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2014-03-29 09:13 - 2014-03-29 11:11 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll 2014-03-29 09:03 - 2014-03-29 10:57 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\Alexander\SkyDrive:ms-properties ==================== Safe Mode 
(whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/02/2014 09:03:33 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/02/2014 08:58:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (04/01/2014 08:59:28 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/30/2014 10:07:36 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/30/2014 09:55:58 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:56:33 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:34:46 AM) (Source: Application Hang) (User: ) Description: Programm LiveComm.exe, Version 17.4.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 17a0 Startzeit: 01cf4b20a581d85d Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 99253da2-b714-11e3-8257-c03fd538b4d3 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 09:15:57 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:15:51 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/29/2014 09:15:04 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (04/02/2014 08:45:57 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/02/2014 00:12:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/02/2014 00:12:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (04/02/2014 00:12:33 AM) (Source: GeneStor) (User: ) Description: GeneStor driver startedGeneStor driver started (2) Error: (04/02/2014 00:00:26 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 11:56:03 PM) (Source: DCOM) (User: ARBEITSPLATZ01) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (04/01/2014 02:04:20 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ADMIN-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35A189F7-5541-4AA3-AD13-9B24B5D97546}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/01/2014 02:03:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 01:53:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/01/2014 01:53:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Inc. 
mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Microsoft Office Sessions: ========================= Error: (04/02/2014 09:03:33 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/02/2014 08:58:42 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/01/2014 08:59:28 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2014 10:07:36 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/30/2014 09:55:58 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:56:33 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:34:46 AM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.4.9600.1638417a001cf4b20a581d85d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe99253da2-b714-11e3-8257-c03fd538b4d3microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/29/2014 09:15:57 AM) (Source: SideBySide)(User: ) Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:15:51 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (03/29/2014 09:15:04 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Program Files (x86)\Real\RealPlayer\realplay.exe ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 12236.27 MB Available physical RAM: 10452.21 MB Total Pagefile: 14668.27 MB Available Pagefile: 12768.13 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:920.8 GB) (Free:883.65 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (TectRoyal 2014) (Fixed) (Total:915.95 GB) (Free:893.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 5CF5C1CF) Partition: GPT Partition Type. ==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Alexander (administrator) on ARBEITSPLATZ01 on 02-04-2014 09:26:30 Running from C:\Users\Alexander\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\jmesoft\Service.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\jmesoft\JME_LOAD.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\WINDOWS\sysWow64\SearchProtocolHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-01] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [jmekey] - C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () HKLM-x32\...\Run: [LVT] - C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) 
HKLM-x32\...\Run: [Lenovo App Shop] - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-03-29] (RealNetworks, Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5613BAD6-6C53-43C6-88B2-BE3DA76414A8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {5613BAD6-6C53-43C6-88B2-BE3DA76414A8} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for 
Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 217.237.150.188 217.237.151.142 FireFox: ======== FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\l8jk90oa.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: 
@nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Redirect Cleaner - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\l8jk90oa.default\Extensions\redirectcleaner@example.net.xpi [2014-03-31] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: 
RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-29] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-17] ==================== Services (Whitelisted) ================= R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-09-17] (LENOVO INCORPORATED.) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.) 
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [103656 2013-10-21] (GenesysLogic) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) 
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation ) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-01-18] (Microsoft Corporation) R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-29] (StdLib) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-02 09:26 - 2014-04-02 09:26 - 00018262 _____ () C:\Users\Alexander\Downloads\FRST.txt 2014-04-01 14:21 - 2014-04-02 08:51 - 00000000 ____D () C:\Users\Alexander\Downloads\Alt 2014-03-31 23:27 - 2014-03-31 23:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\InstallShield 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Program Files (x86)\Samsung Easy Color Manager 2014-03-31 22:57 - 2014-03-31 22:59 - 49677664 _____ (Macrovision Corporation) C:\Users\Alexander\Downloads\EasyColorManager_V3.02.04.exe 2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2014-03-31 19:47 - 2014-03-31 19:47 - 00000000 ____D () 
C:\WINDOWS\ERUNT 2014-03-31 19:37 - 2014-03-31 19:39 - 00000000 ____D () C:\AdwCleaner 2014-03-31 18:56 - 2014-03-31 18:56 - 01038974 _____ (Thisisu) C:\Users\Alexander\Downloads\JRT.exe 2014-03-31 18:55 - 2014-03-31 18:55 - 01950720 _____ () C:\Users\Alexander\Downloads\adwcleaner.exe 2014-03-31 18:23 - 2014-03-31 18:23 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 18:22 - 2014-03-31 18:22 - 01110476 _____ () C:\Users\Alexander\Downloads\7z920.exe 2014-03-31 18:09 - 2014-04-02 09:26 - 00000000 ____D () C:\FRST 2014-03-31 18:06 - 2014-03-31 18:06 - 02157056 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe 2014-03-31 12:26 - 2014-03-31 12:33 - 00000000 ____D () C:\Users\Alexander\Documents\ELOFA Änderung SDB 2014-03-30 23:22 - 2014-04-02 08:36 - 00003308 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 23:22 - 2014-04-02 08:35 - 00003360 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 19:14 - 2014-03-30 19:14 - 00000000 ____D () C:\Users\Alexander\Documents\OneNote-Notizbücher 2014-03-30 14:24 - 2013-12-09 02:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-03-30 14:24 - 2013-12-09 01:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-03-30 14:23 - 2014-01-09 10:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-03-30 14:23 - 2014-01-09 09:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-03-30 14:23 - 2014-01-09 09:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-03-30 14:23 - 2014-01-09 09:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-03-30 14:23 - 2014-01-09 09:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-03-30 14:23 - 2014-01-09 09:43 - 00121344 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-03-30 14:23 - 2014-01-09 09:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-03-30 14:23 - 2014-01-09 09:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-03-30 14:23 - 2014-01-09 09:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-03-30 14:23 - 2014-01-09 09:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-03-30 14:23 - 2014-01-07 09:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-03-30 14:23 - 2014-01-07 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-03-30 14:23 - 2014-01-04 22:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-03-30 14:23 - 2014-01-04 21:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-03-30 14:23 - 2014-01-04 16:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-03-30 14:23 - 2014-01-04 16:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-03-30 14:23 - 2014-01-04 15:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-03-30 14:23 - 2014-01-04 15:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-03-30 14:23 - 2014-01-04 15:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-03-30 14:23 - 2014-01-04 15:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-03-30 14:23 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms 2014-03-30 14:23 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms 2014-03-30 14:23 - 2013-12-20 12:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-03-30 14:23 - 2013-12-20 08:13 - 
00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-03-30 14:23 - 2013-12-09 02:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-03-30 14:23 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2014-03-30 14:23 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2014-03-30 14:23 - 2013-11-09 08:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-03-30 14:23 - 2013-11-09 08:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2014-03-30 14:23 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2014-03-30 11:50 - 2014-03-30 11:52 - 00000000 ____D () C:\Users\Alexander\Documents\Office2013 Schulungsdateien 2014-03-30 09:55 - 2014-03-30 09:59 - 00003382 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:59 - 00003330 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:55 - 00003402 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 21:15 - 2014-03-29 21:15 - 00099919 _____ () C:\Users\Alexander\Downloads\videocacheview265_Download.zip 2014-03-29 21:06 - 2014-03-29 21:06 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Macromedia 2014-03-29 21:04 - 2014-03-29 21:04 - 00002197 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-03-29 19:05 - 2014-03-29 19:07 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Mozilla 2014-03-29 19:05 - 2014-03-29 
19:05 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-29 19:05 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 18:49 - 2014-03-29 18:49 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-29 18:49 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\LSC 2014-03-29 18:47 - 2014-04-01 13:10 - 00000000 ____D () C:\ProgramData\hps 2014-03-29 18:47 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\tmp 2014-03-29 17:01 - 2014-03-29 17:01 - 00011264 ___SH () C:\Users\Alexander\Desktop\Thumbs.db 2014-03-29 16:45 - 2014-03-31 18:47 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help 2014-03-29 16:06 - 2014-03-29 16:06 - 00086904 _____ () C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-29 16:06 - 2014-03-29 16:06 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\PDF Architect 2014-03-29 16:01 - 2014-03-29 16:04 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-29 16:01 - 2014-03-29 16:01 - 00001058 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00001020 _____ () C:\Users\Alexander\Desktop\PDF Architect.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Users\Alexander\Documents\PDF Architect Files 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-29 16:01 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll 2014-03-29 16:01 - 2013-01-09 15:52 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMAPI32.OCX 2014-03-29 16:01 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPIDE.DLL 2014-03-29 16:01 - 1998-07-06 18:56 
- 00125712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6DE.DLL 2014-03-29 16:01 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCMCDE.DLL 2014-03-29 16:01 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCC2DE.DLL 2014-03-29 15:54 - 2014-03-29 15:57 - 69734576 _____ (pdfforge ) C:\Users\Alexander\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\FileOpen 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\ProgramData\FileOpen 2014-03-29 15:26 - 2014-03-31 21:34 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro PDF 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Local\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\ProgramData\ATI 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\WebApp 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\Documents\CyberLink 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\CyberLink 2014-03-29 11:58 - 2014-04-02 09:26 - 00000000 ____D () C:\Users\Alexander\Documents\Outlook-Dateien 2014-03-29 11:37 - 2014-04-02 08:46 - 00005176 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 2014-03-29 11:37 - 2014-03-29 11:37 - 00003116 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 11:15 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) 
C:\WINDOWS\system32\Drivers\HipShieldK.sys 2014-03-29 10:53 - 2014-03-29 10:53 - 00003570 _____ () C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask 2014-03-29 10:30 - 2014-03-29 10:30 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys 2014-03-29 09:41 - 2014-03-29 09:44 - 00001130 _____ () C:\Users\Alexander\Desktop\Flash Player Pro.lnk 2014-03-29 09:41 - 2014-03-29 09:44 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro 2014-03-29 09:41 - 2014-03-29 09:41 - 00000000 ____D () C:\Users\Alexander\Documents\Flash Player Pro 2014-03-29 09:38 - 2014-03-29 09:38 - 00229664 _____ (Premium Installer ) C:\Users\Alexander\Downloads\Media_Player_Setup.exe 2014-03-29 09:36 - 2014-03-29 09:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-29 09:36 - 2014-03-02 15:05 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-03-29 09:32 - 2014-03-29 09:32 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-03-29 09:32 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-29 09:32 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-29 09:32 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-29 09:32 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-03-29 09:32 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-03-29 09:32 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-03-29 09:32 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-03-29 09:32 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-03-29 09:32 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-03-29 09:32 - 2014-03-01 05:10 - 02334208 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wininet.dll 2014-03-29 09:32 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-03-29 09:32 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-03-29 09:32 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-03-29 09:32 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-03-29 09:32 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-03-29 09:32 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-03-29 09:32 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-03-29 09:32 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-03-29 09:32 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-03-29 09:32 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-03-29 09:32 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-03-29 09:32 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-03-29 09:32 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-03-29 09:32 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-03-29 09:32 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-03-29 09:32 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-03-29 09:32 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-03-29 09:32 - 2014-02-06 12:17 - 00195584 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msrating.dll 2014-03-29 09:32 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-03-29 09:32 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-03-29 09:32 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-03-29 09:32 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-03-29 09:32 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-03-29 09:32 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-03-29 09:32 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-03-29 09:32 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-03-29 09:32 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-03-29 09:29 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-03-29 09:29 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-03-29 09:29 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-03-29 09:29 - 2014-01-31 18:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-03-29 09:29 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-03-29 09:29 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-03-29 09:29 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-03-29 09:29 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll 2014-03-29 09:29 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\kernel32.dll 2014-03-29 09:29 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2014-03-29 09:29 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2014-03-29 09:29 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-03-29 09:29 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-03-29 09:29 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-03-29 09:29 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2014-03-29 09:29 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2014-03-29 09:29 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-03-29 09:29 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-03-29 09:29 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2014-03-29 09:29 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-03-29 09:29 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2014-03-29 09:29 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-03-29 09:29 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2014-03-29 09:29 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-03-29 09:29 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2014-03-29 09:29 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-03-29 09:29 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-03-29 09:29 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2014-03-29 09:29 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2014-03-29 09:29 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-03-29 09:29 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-03-29 09:29 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-03-29 09:29 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-03-29 09:29 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-03-29 09:29 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2014-03-29 09:29 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2014-03-29 09:28 - 2014-01-08 03:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2014-03-29 09:28 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-03-29 09:28 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-03-29 09:28 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-03-29 09:28 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-03-29 09:28 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-03-29 09:28 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-03-29 09:28 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-03-29 09:28 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 
2014-03-29 09:28 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-03-29 09:28 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-03-29 09:28 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-03-29 09:28 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-03-29 09:28 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-03-29 09:28 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-03-29 09:28 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-03-29 09:28 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2014-03-29 09:28 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-03-29 09:28 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2014-03-29 09:28 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2014-03-29 09:28 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-03-29 09:28 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-03-29 09:28 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2014-03-29 09:28 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-03-29 09:28 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-03-29 09:28 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2014-03-29 09:28 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-03-29 09:28 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-03-29 09:28 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll 2014-03-29 09:28 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2014-03-29 09:28 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-03-29 09:28 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-03-29 09:28 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2014-03-29 09:28 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll 2014-03-29 09:28 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll 2014-03-29 09:28 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-03-29 09:28 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-03-29 09:27 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-03-29 09:27 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-03-29 09:26 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-03-29 09:26 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-03-29 09:26 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-03-29 09:26 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-03-29 09:26 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WSShared.dll 2014-03-29 09:26 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-03-29 09:26 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-03-29 09:26 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-03-29 09:26 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-03-29 09:23 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-03-29 09:23 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-29 09:22 - 2013-12-09 02:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-03-29 09:22 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-03-29 09:22 - 2013-11-27 17:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-03-29 09:22 - 2013-11-27 17:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-03-29 09:22 - 2013-11-27 16:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-03-29 09:22 - 2013-11-27 15:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-03-29 09:22 - 2013-11-27 14:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-03-29 09:22 - 2013-11-27 12:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-03-29 09:22 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-03-29 09:22 - 2013-11-27 11:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-03-29 09:22 - 2013-11-27 11:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-03-29 09:22 - 2013-11-27 11:10 - 00273408 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-03-29 09:22 - 2013-11-27 10:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-03-29 09:22 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-03-29 09:22 - 2013-11-26 15:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-03-29 09:22 - 2013-11-26 15:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-03-29 09:22 - 2013-11-26 13:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-03-29 09:22 - 2013-11-25 03:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-03-29 09:22 - 2013-11-25 03:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-03-29 09:22 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-03-29 09:22 - 2013-11-25 01:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-03-29 09:22 - 2013-11-23 14:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-03-29 09:22 - 2013-11-23 09:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-03-29 09:22 - 2013-11-23 09:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-03-29 09:22 - 2013-11-23 09:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-03-29 09:22 - 2013-11-23 06:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-03-29 09:22 - 2013-11-23 05:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-03-29 09:22 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-03-29 09:22 - 2013-11-21 08:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-03-29 09:22 - 2013-11-21 08:26 - 
01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-03-29 09:22 - 2013-11-15 16:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-03-29 09:22 - 2013-11-15 16:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-03-29 09:22 - 2013-11-15 16:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-03-29 09:22 - 2013-11-15 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-03-29 09:22 - 2013-10-31 02:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-03-29 09:22 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-03-29 09:17 - 2013-11-11 04:48 - 00039768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-03-29 09:17 - 2013-11-09 08:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2014-03-29 09:17 - 2013-11-09 07:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2014-03-29 09:17 - 2013-11-08 12:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-03-29 09:17 - 2013-11-08 06:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-03-29 09:17 - 2013-11-08 06:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-03-29 09:17 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-03-29 09:17 - 2013-11-08 05:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-03-29 09:17 - 2013-11-08 05:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-03-29 09:17 - 2013-11-05 16:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2014-03-29 09:17 - 2013-11-04 15:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-03-29 09:17 - 
2013-11-04 13:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-03-29 09:17 - 2013-11-04 12:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-03-29 09:17 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-03-29 09:17 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2014-03-29 09:17 - 2013-11-01 13:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-03-29 09:17 - 2013-11-01 08:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2014-03-29 09:17 - 2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2014-03-29 09:17 - 2013-10-31 02:58 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2014-03-29 09:17 - 2013-10-31 02:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-03-29 09:17 - 2013-10-31 02:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2014-03-29 09:17 - 2013-10-31 02:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2014-03-29 09:17 - 2013-10-26 03:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys 2014-03-29 09:17 - 2013-10-24 11:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-03-29 09:17 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-03-29 09:17 - 2013-10-17 13:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-03-29 09:17 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-03-29 09:17 - 2013-10-05 16:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-03-29 09:17 - 2013-10-05 16:21 - 00516496 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dxgi.dll 2014-03-29 09:17 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-03-29 09:17 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-03-29 09:16 - 2014-03-29 09:16 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:16 - 00000324 _____ () C:\Users\Alexander\AppData\Roaming\aps.uninstall.scan.results 2014-03-29 09:15 - 2014-03-29 09:15 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00001295 _____ () C:\Users\Public\Desktop\RealPlayer.lnk 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-03-29 09:14 - 2014-03-29 15:34 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Real 2014-03-29 09:14 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\Real 2014-03-29 09:13 - 2014-04-01 13:53 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 09:09 - 2014-03-29 09:21 - 00000000 ____D () C:\ProgramData\Real 2014-03-29 09:09 - 2014-03-28 17:38 - 01172776 _____ (AnyProtect.com) C:\Users\Alexander\AppData\Local\AnyProtectScannerSetup.exe 2014-03-29 09:07 - 2014-01-07 07:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-03-29 09:07 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-03-29 09:07 - 2013-12-09 02:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-03-29 09:07 - 2013-12-09 01:54 - 
01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-03-29 09:07 - 2013-11-21 08:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-03-29 09:07 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2014-03-29 09:07 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2014-03-29 09:07 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2014-03-29 09:04 - 2013-12-09 04:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-03-29 09:04 - 2013-12-09 03:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-03-29 09:04 - 2013-10-15 10:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2014-03-29 09:04 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2014-03-29 09:03 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Mozilla 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 08:57 - 2014-03-29 09:00 - 00000000 ____D () C:\Users\Alexander\AppData\Local\cache 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\.android 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 _____ () C:\Users\Alexander\daemonprocess.txt 2014-03-29 08:53 - 2014-03-29 08:54 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LPT 2014-03-29 08:50 - 2014-03-31 16:10 - 00002183 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen 
2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 
2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-03-29 01:33 - 2014-03-29 01:33 - 00000000 ____D () C:\Users\Alexander\Documents\Benutzerdefinierte Office-Vorlagen 2014-03-29 01:18 - 2014-03-29 01:18 - 00000000 __RHD () C:\MSOCache 2014-03-29 01:05 - 2014-03-29 21:05 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe 2014-03-29 01:05 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LSC 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-03-29 00:58 - 2014-03-29 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-29 00:58 - 2014-03-29 10:56 - 00962240 _____ (Microsoft Corporation) C:\Users\Alexander\Downloads\Setup.X86.de-DE_HomeBusinessRetail_5cf0bcd6-92ef-4fef-b9b2-43d327b58416_TX_DB_.exe 2014-03-29 00:45 - 2014-04-02 08:58 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 00:45 - 2014-04-01 23:53 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{514E0437-3AB4-468C-B646-7FAA7ADECD18} 2014-03-29 00:42 - 2014-04-02 08:36 - 00000000 __RDO () C:\Users\Alexander\SkyDrive 2014-03-29 00:41 - 2014-03-29 08:50 - 00002337 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Public\Pokki 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () 
C:\Users\Alexander\AppData\Roaming\Intel Corporation 2014-03-29 00:40 - 2014-04-02 08:35 - 00000369 _____ () C:\Users\Alexander\AppData\Local\RegisteredPackageInformation.xml 2014-03-29 00:40 - 2014-03-31 19:39 - 00001026 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-29 00:40 - 2014-03-30 19:14 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-29 00:40 - 2014-03-30 11:52 - 00000000 ____D () C:\Users\Alexander\AppData\Local\VirtualStore 2014-03-29 00:40 - 2014-03-29 10:53 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-29 00:40 - 2014-03-29 01:04 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Adobe 2014-03-29 00:40 - 2014-03-29 00:42 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Power2Go 2014-03-29 00:39 - 2014-04-01 23:57 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages 2014-03-29 00:39 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander 2014-03-29 00:39 - 2014-03-29 00:39 - 00000020 ___SH () C:\Users\Alexander\ntuser.ini 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Vorlagen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Startmenü 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Netzwerkumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Lokale Einstellungen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Eigene Dateien 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Druckumgebung 2014-03-29 
00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Musik 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Bilder 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Verlauf 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\ProgramData\eBay 2014-03-29 00:39 - 2014-01-17 19:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Macromedia 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-03-29 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-29 00:30 - 2014-04-02 00:11 - 01918496 _____ () C:\WINDOWS\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-04-02 09:26 - 2014-04-02 09:26 - 00018262 _____ () C:\Users\Alexander\Downloads\FRST.txt 2014-04-02 09:26 - 2014-03-31 18:09 - 00000000 ____D () C:\FRST 2014-04-02 09:26 - 2014-03-29 11:58 - 00000000 ____D () C:\Users\Alexander\Documents\Outlook-Dateien 2014-04-02 09:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-02 09:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-02 08:58 - 2014-03-29 00:45 - 00003600 _____ () 
C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-02 08:51 - 2014-04-01 14:21 - 00000000 ____D () C:\Users\Alexander\Downloads\Alt 2014-04-02 08:46 - 2014-03-29 11:37 - 00005176 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITSPLATZ01-Alexander Arbeitsplatz01 2014-04-02 08:40 - 2014-01-17 19:35 - 00001871 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2014-04-02 08:36 - 2014-03-30 23:22 - 00003308 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-02 08:36 - 2014-03-29 00:42 - 00000000 __RDO () C:\Users\Alexander\SkyDrive 2014-04-02 08:35 - 2014-03-30 23:22 - 00003360 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-04-02 08:35 - 2014-03-29 00:40 - 00000369 _____ () C:\Users\Alexander\AppData\Local\RegisteredPackageInformation.xml 2014-04-02 00:16 - 2014-01-18 04:01 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-02 00:16 - 2014-01-18 04:01 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-02 00:16 - 2013-08-31 17:40 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-02 00:12 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-02 00:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-02 00:11 - 2014-03-29 00:30 - 01918496 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-02 00:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-04-02 00:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-04-02 00:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-04-02 00:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-04-01 23:57 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages 2014-04-01 23:57 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\AppReadiness 2014-04-01 23:53 - 2014-03-29 00:45 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{514E0437-3AB4-468C-B646-7FAA7ADECD18} 2014-04-01 15:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-01 13:53 - 2014-03-29 09:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-01 13:47 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-04-01 13:10 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\hps 2014-03-31 23:27 - 2014-03-31 23:27 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-03-31 23:27 - 2013-08-22 16:46 - 00020404 _____ () C:\WINDOWS\setupact.log 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\InstallShield 2014-03-31 23:00 - 2014-03-31 23:00 - 00000000 ____D () C:\Program Files (x86)\Samsung Easy Color Manager 2014-03-31 23:00 - 2014-01-17 19:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-31 22:59 - 2014-03-31 22:57 - 49677664 _____ (Macrovision Corporation) C:\Users\Alexander\Downloads\EasyColorManager_V3.02.04.exe 2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2014-03-31 21:34 - 2014-03-29 15:26 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro PDF 2014-03-31 21:34 - 2014-01-17 19:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-03-31 21:34 - 2014-01-17 19:16 - 00000000 ____D () C:\ProgramData\Lenovo 2014-03-31 19:47 - 2014-03-31 19:47 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-31 19:41 - 2014-01-17 19:34 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-03-31 19:40 - 2013-08-31 17:36 - 00009586 _____ () C:\WINDOWS\PFRO.log 2014-03-31 19:39 - 2014-03-31 19:37 - 00000000 ____D () C:\AdwCleaner 2014-03-31 19:39 - 2014-03-29 00:40 - 00001026 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer.lnk 2014-03-31 18:56 - 2014-03-31 18:56 - 01038974 _____ (Thisisu) C:\Users\Alexander\Downloads\JRT.exe 2014-03-31 18:55 - 2014-03-31 18:55 - 01950720 _____ () C:\Users\Alexander\Downloads\adwcleaner.exe 2014-03-31 18:47 - 2014-03-29 16:45 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help 2014-03-31 18:23 - 2014-03-31 18:23 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-31 18:22 - 2014-03-31 18:22 - 01110476 _____ () C:\Users\Alexander\Downloads\7z920.exe 2014-03-31 18:06 - 2014-03-31 18:06 - 02157056 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe 2014-03-31 16:10 - 2014-03-29 08:50 - 00002183 _____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startmenü.lnk 2014-03-31 12:33 - 2014-03-31 12:26 - 00000000 ____D () C:\Users\Alexander\Documents\ELOFA Änderung SDB 2014-03-30 19:14 - 2014-03-30 19:14 - 00000000 ____D () C:\Users\Alexander\Documents\OneNote-Notizbücher 2014-03-30 19:14 - 2014-03-29 00:40 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-30 11:52 - 2014-03-30 11:50 - 00000000 ____D () C:\Users\Alexander\Documents\Office2013 Schulungsdateien 2014-03-30 11:52 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\VirtualStore 2014-03-30 09:59 - 2014-03-30 09:55 - 00003382 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:59 - 2014-03-30 09:55 - 00003330 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-30 09:55 - 2014-03-30 09:55 - 00003402 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 21:15 - 2014-03-29 21:15 - 00099919 _____ () C:\Users\Alexander\Downloads\videocacheview265_Download.zip 2014-03-29 21:06 - 2014-03-29 21:06 - 00000000 ____D () 
C:\Users\Alexander\AppData\Local\Macromedia 2014-03-29 21:05 - 2014-03-29 01:05 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe 2014-03-29 21:04 - 2014-03-29 21:04 - 00002197 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-29 21:04 - 2014-03-29 21:04 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-03-29 19:07 - 2014-03-29 19:05 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Mozilla 2014-03-29 19:05 - 2014-03-29 19:05 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-29 19:05 - 2014-03-29 19:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 19:05 - 2014-03-29 09:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 18:56 - 2014-01-17 19:16 - 00000000 ____D () C:\Program Files\lenovo 2014-03-29 18:49 - 2014-03-29 18:49 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2014-03-29 18:49 - 2014-03-29 18:49 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\LSC 2014-03-29 18:49 - 2014-03-29 01:05 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LSC 2014-03-29 18:48 - 2014-01-17 19:40 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-03-29 18:47 - 2014-03-29 18:47 - 00000000 ____D () C:\ProgramData\tmp 2014-03-29 17:01 - 2014-03-29 17:01 - 00011264 ___SH () C:\Users\Alexander\Desktop\Thumbs.db 2014-03-29 16:06 - 2014-03-29 16:06 - 00086904 _____ () C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-29 16:06 - 2014-03-29 16:06 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\PDF Architect 2014-03-29 16:04 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-29 16:01 - 2014-03-29 16:01 - 00001058 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-29 16:01 - 2014-03-29 16:01 - 00001020 _____ () C:\Users\Alexander\Desktop\PDF Architect.lnk 2014-03-29 16:01 - 
2014-03-29 16:01 - 00000000 ____D () C:\Users\Alexander\Documents\PDF Architect Files 2014-03-29 16:01 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-29 15:57 - 2014-03-29 15:54 - 69734576 _____ (pdfforge ) C:\Users\Alexander\Downloads\PDFCreator-1_7_2_setup_offline.exe 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Nitro 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\FileOpen 2014-03-29 15:39 - 2014-03-29 15:39 - 00000000 ____D () C:\ProgramData\FileOpen 2014-03-29 15:34 - 2014-03-29 09:14 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Real 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\Users\Alexander\AppData\Local\ATI 2014-03-29 15:21 - 2014-03-29 15:21 - 00000000 ____D () C:\ProgramData\ATI 2014-03-29 15:18 - 2014-03-29 15:18 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\WebApp 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\Documents\CyberLink 2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\CyberLink 2014-03-29 15:17 - 2014-01-17 19:37 - 00000000 ____D () C:\ProgramData\CyberLink 2014-03-29 11:37 - 2014-03-29 11:37 - 00003116 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2712879693-1085652998-2071342517-1001 2014-03-29 11:09 - 2014-01-17 19:34 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-03-29 11:08 - 2014-01-17 19:34 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-29 11:08 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-03-29 10:57 - 2014-03-29 00:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-29 10:56 - 2014-03-29 00:58 - 00962240 _____ (Microsoft Corporation) 
C:\Users\Alexander\Downloads\Setup.X86.de-DE_HomeBusinessRetail_5cf0bcd6-92ef-4fef-b9b2-43d327b58416_TX_DB_.exe 2014-03-29 10:53 - 2014-03-29 10:53 - 00003570 _____ () C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask 2014-03-29 10:53 - 2014-03-29 00:40 - 00000000 ___RD () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-29 10:48 - 2013-08-22 16:44 - 00379704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-29 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-29 10:45 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-03-29 10:45 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-03-29 10:30 - 2014-03-29 10:30 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys 2014-03-29 09:44 - 2014-03-29 09:41 - 00001130 _____ () C:\Users\Alexander\Desktop\Flash Player Pro.lnk 2014-03-29 09:44 - 2014-03-29 09:41 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro 2014-03-29 09:41 - 2014-03-29 09:41 - 00000000 ____D () C:\Users\Alexander\Documents\Flash Player Pro 2014-03-29 09:38 - 2014-03-29 09:38 - 00229664 _____ (Premium Installer ) C:\Users\Alexander\Downloads\Media_Player_Setup.exe 2014-03-29 09:37 - 2014-03-29 09:36 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-03-29 09:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-03-29 09:32 - 2014-03-29 09:32 - 00000000 ___RD () C:\WINDOWS\BrowserChoice 2014-03-29 09:21 - 2014-03-29 09:09 - 00000000 ____D 
() C:\ProgramData\Real 2014-03-29 09:16 - 2014-03-29 09:16 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\RealNetworks 2014-03-29 09:16 - 2014-03-29 09:15 - 00000324 _____ () C:\Users\Alexander\AppData\Roaming\aps.uninstall.scan.results 2014-03-29 09:15 - 2014-03-29 09:15 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll 2014-03-29 09:15 - 2014-03-29 09:15 - 00001295 _____ () C:\Users\Public\Desktop\RealPlayer.lnk 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:15 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-03-29 09:15 - 2014-03-29 09:14 - 00000000 ____D () C:\Program Files (x86)\Real 2014-03-29 09:14 - 2014-01-17 19:35 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2014-03-29 09:14 - 2014-01-17 19:35 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2014-03-29 09:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Mozilla 2014-03-29 09:03 - 2014-03-29 09:03 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 09:00 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\AppData\Local\cache 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 ____D () C:\Users\Alexander\.android 2014-03-29 08:57 - 2014-03-29 08:57 - 00000000 _____ () C:\Users\Alexander\daemonprocess.txt 2014-03-29 08:57 - 2014-03-29 00:39 - 00000000 ____D () C:\Users\Alexander 2014-03-29 08:54 - 2014-03-29 08:53 - 00000000 ____D () C:\Users\Alexander\AppData\Local\LPT 2014-03-29 08:50 - 2014-03-29 00:41 - 00002337 
_____ () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 
07:15 - 00000000 _SHDL () C:\Programme 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-03-29 07:15 - 2014-03-29 07:15 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-03-29 07:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-03-29 07:15 - 2013-08-22 15:36 - 00000000 ___HD () C:\Users\Default 2014-03-29 01:33 - 2014-03-29 01:33 - 00000000 ____D () C:\Users\Alexander\Documents\Benutzerdefinierte Office-Vorlagen 2014-03-29 01:18 - 2014-03-29 01:18 - 00000000 __RHD () C:\MSOCache 2014-03-29 01:04 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Adobe 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00002147 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-29 01:02 - 2014-03-29 01:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2014-03-29 00:42 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Lenovo 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Public\Pokki 2014-03-29 00:41 - 2014-03-29 00:41 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Intel Corporation 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () C:\Users\Alexander\AppData\Roaming\Lenovo 2014-03-29 00:40 - 2014-03-29 00:40 - 00000000 ____D () 
C:\Users\Alexander\AppData\Local\Power2Go 2014-03-29 00:40 - 2014-01-18 04:46 - 00080744 ____H () C:\WINDOWS\modules.log 2014-03-29 00:39 - 2014-03-29 00:39 - 00000020 ___SH () C:\Users\Alexander\ntuser.ini 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Vorlagen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Startmenü 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Netzwerkumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Lokale Einstellungen 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Eigene Dateien 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Druckumgebung 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Musik 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Documents\Eigene Bilder 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Verlauf 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\AppData\Local\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 _SHDL () C:\Users\Alexander\Anwendungsdaten 2014-03-29 00:39 - 2014-03-29 00:39 - 00000000 ____D () C:\ProgramData\eBay 2014-03-29 00:39 - 2013-08-31 18:36 - 00000000 ____D () C:\WINDOWS\Panther 2014-03-29 00:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-03-28 17:38 - 2014-03-29 09:09 - 01172776 _____ (AnyProtect.com) C:\Users\Alexander\AppData\Local\AnyProtectScannerSetup.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== 
Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-03-29 09:29] - [2014-01-31 18:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2013-08-31 17:36 ==================== End Of Log ============================ --- --- --- |
02.04.2014, 10:17 | #21 |
| Browser keeps redirecting me - how can I change that mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.04.2014 Suchlauf-Zeit: 10:57:40 Logdatei: Malware.txt Administrator: Ja Version: 2.00.0.1000 Malware Datenbank: v2014.04.02.03 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Alexander Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 240368 Verstrichene Zeit: 6 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 7 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[4fb103fd669a22dee9c3dd339f65d927] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fhc_0MQ5bEyL2c9YY0e_wibV6RDMft58C_XMyvx4m0oKRCdr6Gs0G7K-chYAUJaw,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fhc_0MQ5bEyL2c9YY0e_wibV6RDMft58C_XMyvx4m0oKRCdr6Gs0G7K-chYAUJaw,),,[c23ed030e41c1de3100d9a760cf8ba46] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}),,[cb35cf312cd4837dda41090749bb0ef2] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}),,[c93715eb2cd49f61dd3f6ea216ee47b9] PUP.Optional.Snapdo, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}),,[ad538d738e729868a9753bd526de56aa] PUP.Optional.Snapdo, 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}),,[ef117f812ad6f0108c93d23ea75def11] PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUeW4YgMJteX2qhG-UU0UlKkhA58Myi_TmVOYeh5ConiBNqWGuag42VFoDTBOdJu3fiT80keJYjVKP6FSWjWPtMMJzoxn3AyYm-xHliORhpw3mY_LIsY6HmLUGkJu2OWQ,&q={searchTerms}),,[07f921dfaa56dc249024af57dc28f20e] Ordner: 3 PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Configs, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Resources, , [e41cf30d18e8f10ff0a63c28847e40c0], Dateien: 39 PUP.Optional.Conduit.A, C:\Users\Alexander\AppData\Local\Temp\nsdAB58\SpSetup.exe, , [5aa65da30ff155ab123f779f3ac7966a], PUP.Optional.SkyTech.A, C:\Users\Alexander\AppData\Local\Temp\fullpackage_temp1396078955\alilog.dll, , [47b9966a9a66b947759eeb47bc440ef2], PUP.Optional.SkyTech.A, 
C:\Users\Alexander\AppData\Local\Temp\fullpackage_temp1396078955\package1.zip, , [2ad6cb35b848b9475db680b236ca29d7], PUP.Optional.SupTab.A, C:\Users\Alexander\AppData\Local\Temp\fullpackage_temp1396078955\tmp\SupTab.exe, , [41bf758b619ff9072f1cd95ced13b14f], PUP.Optional.WpManager, C:\Users\Alexander\AppData\Local\Temp\fullpackage_temp1396078955\tmp\wpm.exe, , [32ce10f05ea26799316b4414a859966a], PUP.Optional.OptimumInstaller.A, C:\Users\Alexander\Downloads\Media_Player_Setup.exe, , [4fb142be59a7d22eeed35ee73dc47c84], PUP.Optional.SmartBar.A, C:\Windows\Installer\7be8f.msi, , [35cbb64a8080d52b01d48b9c7c8405fb], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\PublisherSettings.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Common.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\FiddlerCore.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\HtmlAgilityPack.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\linmsl.exe, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\LPTInstaller.msi, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Newtonsoft.Json.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Proxy.pac, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Communication.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, 
C:\Users\Alexander\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Personalization.Common.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\sppsm.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\spusm.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srbs.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srbu.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\sreu.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srpdm.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srprl.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srpt.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srptc.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srptm.exe, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srptm.exe.config, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\srut.dll, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\UserSettings.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], 
PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Configs\BrowserSettings.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Configs\LPTMapping.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Configs\Timers.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], PUP.Optional.Linkury.A, C:\Users\Alexander\AppData\Local\LPT\Resources\LPT.xml, , [e41cf30d18e8f10ff0a63c28847e40c0], Physische Sektoren: 0 (No malicious items detected) (end)
One more question from someone who doesn't know his way around: how can I pause the McAfee virus scanner and firewall? Hello Cosinus, unfortunately I have to leave. I won't be back at my computer for 4 hours. Sorry. Alexander |
02.04.2014, 11:32 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that Only remnants, send everything to quarantine. Quote:
__________________ Please always post log files in CODE tags |
02.04.2014, 20:20 | #23 |
| Browser keeps redirecting me - how can I change that Hello Cosinus, the remnants are in quarantine. It took a little while until I figured out how to switch off McAfee. But now the result from Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=f225feb0152d474f82faded953e0b9de # engine=17727 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-02 07:11:27 # local_time=2014-04-02 09:11:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5122 16777214 66 62 357210 23710173 0 0 # compatibility_mode=5893 16776574 100 94 386743 21347180 0 0 # scanned=272832 # found=9 # cleaned=0 # scan_time=5201 sh=5BF508699AE9881E6515F06860DDD43F35869F6E ft=1 fh=c71c001190653a49 vn="a variant of Win32/AdWare.AD150.B application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf-soft\BlockAndSurf157.exe" sh=2581ECEE4628B2C0A5B5903A3E9A8F6B0F6A4423 ft=1 fh=c71c001144ccc2e3 vn="a variant of Win32/AdWare.AddLyrics.AI application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf-soft\BnSup.exe" sh=3F5CFC889A728879E7220A8BA68870A2ECDED856 ft=1 fh=35f91de7364fdc2e vn="a variant of Win32/AdWare.AddLyrics.AH application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf-soft\Uninstall.exe" sh=2AB89BE28D9D83477160A5A7EF1025684DDC8986 ft=1 fh=8347d116f189f35a vn="a variant of Win32/AdWare.iBryte.U application" ac=I fn="C:\FRST\Quarantine\C\Users\Alexander\AppData\Local\Temp\Media_Player_Setup.exe.xBAD" sh=E62ABF6016FA37DD64A4F28ED2C0B412BD35B0CE ft=1 fh=4aa44c237c9927a9 vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\Users\Alexander\AppData\Local\Temp\is45637729\1361652_stp.EXE" sh=452F274DD191E00E6DDD43C844A663103F067B14 ft=1 fh=c71c001110b3f691 vn="a variant of Win32/Injected.F trojan" ac=I fn="F:\TectRoyal Datensicherungen\TectRoyal 03 März 10.2014\Eigene 
Dateien\Downloads\Internet\COMPUTER_BILD-Download-Manager_fuer_applianflv.exe" sh=452F274DD191E00E6DDD43C844A663103F067B14 ft=1 fh=c71c001110b3f691 vn="a variant of Win32/Injected.F trojan" ac=I fn="F:\TectRoyal Datensicherungen\TectRoyal 03 März 18.2014\Eigene Dateien\Downloads\Internet\COMPUTER_BILD-Download-Manager_fuer_applianflv.exe" sh=452F274DD191E00E6DDD43C844A663103F067B14 ft=1 fh=c71c001110b3f691 vn="a variant of Win32/Injected.F trojan" ac=I fn="F:\TectRoyal Datensicherungen\TectRoyal 03 März.28.2014\C_Platte_TectRoyal\admin\apps\COMPUTER_BILD-Download-Manager_fuer_applianflv.exe" sh=452F274DD191E00E6DDD43C844A663103F067B14 ft=1 fh=c71c001110b3f691 vn="a variant of Win32/Injected.F trojan" ac=I fn="F:\TectRoyal Datensicherungen\TectRoyal 03 März.28.2014\Eigene Dateien\Downloads\Internet\COMPUTER_BILD-Download-Manager_fuer_applianflv.exe" Alexander |
02.04.2014, 22:00 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that Go ahead and delete the COMPUTER-BILD nonsense. Apart from that, only objects that were isolated long ago and remnants in TMP were found. TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. But this is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Besides that there are good cookie managers; for Firefox, for example, there is the extension CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything including cookies is deleted when the browser is closed. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
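The triage Cosinus applies to the ESET log in this post (items already in the FRST quarantine, leftovers in Temp, and the remaining copies that still need deleting), as an added Python example that is not part of the original thread. The bucket names, the `C:\FRST\Quarantine` and Temp path rules, and the sample log (constructed, modelled on the `sh= ... vn= ... fn=` records above) are assumptions of this example.

```python
import re
from collections import defaultdict

# One detection record: key=value pairs, threat name (vn) and path (fn) quoted.
ENTRY_RE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=\d+\s+fh=(?P<fh>[0-9A-Fa-f]+)\s+'
    r'vn="(?P<threat>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"'
)

def parse_detections(log_text):
    """Return one dict per detection; works on per-line or flattened logs."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]

def count_matches_header(log_text):
    """Sanity check: the '# found=N' header must equal the parsed record count."""
    m = re.search(r'#\s*found=(\d+)', log_text)
    return m is not None and int(m.group(1)) == len(parse_detections(log_text))

def classify(path):
    """Bucket a detection by location (rules are assumptions of this example)."""
    p = path.lower()
    if p.startswith("c:\\frst\\quarantine\\"):
        return "quarantined"   # checked first: quarantine mirrors original paths
    if "\\appdata\\local\\temp\\" in p:
        return "temp"          # leftovers a temp-file cleaner removes
    return "live"              # still on disk elsewhere, e.g. in backups

def triage(log_text):
    """Group by bucket, then by SHA-1, so identical copies are listed together."""
    buckets = defaultdict(lambda: defaultdict(list))
    for det in parse_detections(log_text):
        buckets[classify(det["path"])][det["sha1"].upper()].append(det)
    return buckets

def live_paths(log_text):
    """Paths that still need manual deletion (answers 'where is the file?')."""
    live = triage(log_text)["live"]
    return sorted(d["path"] for dets in live.values() for d in dets)

def make_entry(sha1, threat, path):
    return f'sh={sha1} ft=1 fh=0011223344556677 vn="{threat}" ac=I fn="{path}"'

# Constructed sample data: hashes, threat names and paths are invented.
H_BAR, H_SETUP, H_TEMP, H_DLM = "A1" * 20, "B2" * 20, "C3" * 20, "D4" * 20
SAMPLE_LOG = " ".join([
    "# scanned=1000 # found=5 # cleaned=0 # scan_time=60",
    make_entry(H_BAR, "a variant of Win32/AdWare.Example.A application",
               r"C:\FRST\Quarantine\C\Program Files (x86)\ExampleBar\bar.exe"),
    make_entry(H_SETUP, "a variant of Win32/AdWare.Example.B application",
               r"C:\FRST\Quarantine\C\Users\User\AppData\Local\Temp\setup.exe.xBAD"),
    make_entry(H_TEMP, "a variant of Win32/AdWare.Example.C application",
               r"C:\Users\User\AppData\Local\Temp\is000001\0001_stp.EXE"),
    make_entry(H_DLM, "a variant of Win32/Example.F trojan",
               r"F:\Backups\2014-03-10\Downloads\download-manager.exe"),
    make_entry(H_DLM, "a variant of Win32/Example.F trojan",
               r"F:\Backups\2014-03-18\Downloads\download-manager.exe"),
])

if __name__ == "__main__":
    if not count_matches_header(SAMPLE_LOG):
        print("warning: parsed record count differs from '# found=' header")
    for bucket, by_hash in sorted(triage(SAMPLE_LOG).items()):
        for sha1, dets in by_hash.items():
            print(f"[{bucket}] {dets[0]['threat']} ({len(dets)} file(s))")
            for d in dets:
                print("    " + d["path"])
```

Run against a real log, `live_paths()` lists exactly the files that neither the quarantine nor a temp-file cleaner covers.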
02.04.2014, 22:45 | #25 |
| Browser keeps redirecting me - how can I change that Hello Cosinus, I installed TFC and ran it :-) and also installed CookieCuller. My system looks good again, but I have 3 more questions: 1) How and above all where can I find and delete the Computerbild nonsense??? 2) MVPS Hosts File - can a "dumb user" like me use that too? 3) How / where do I find someone who comes to us every 6 months or so and cleans and administers the PCs - can one find someone like that here (Donauwörth area) - it may cost something (obviously); I just don't know what to look out for. Apart from that, your support was simply SUPER!!! And I will certainly also arrange a donation to Trojaner-Board (within my means, because we are pretty tiny as a "company"). Thank you for the top-notch support. Alexander (TectRoyal) So now I have to ask one more question: how can I transfer a few bucks to you (it's the best thanks, because it helps cover costs). I just can't find the account details :-). |
03.04.2014, 09:34 | #26 | ||||
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that Quote:
Quote:
Quote:
Look in the business directory/Yellow Pages and search for computer service providers. Quote:
__________________ Please always post log files in CODE tags |
03.04.2014, 16:53 | #27 |
| Browser keeps redirecting me - how can I change that Hi Cosinus, I didn't want to annoy you :-). I just have a different job and am not a computer specialist (at least not for PCs). Many thanks for your help. I will make a donation to the board in the next few days and today recommended you to two friends. Warm regards, and keep up such a great board. Best regards Alexander (TectRoyal) |
04.04.2014, 09:37 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Browser keeps redirecting me - how can I change that I wasn't annoyed, just a little surprised, because whether one is a computer specialist or does something completely different professionally, one is not all-knowing; as a helper I'm not a living phone book either. Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |