Sicherheitswarnung beim Öffnen von Firefox bei neuem Acer Aspire PC (vorinstalierte MC Affee Software)

Maporo · 02.04.2015, 11:46

Hallo liebes Trojaner-Board-Team,
wir haben uns einen neuen Acer Aspire XC-605 Desktop PC gekauft. Windows 8.1 und McAffee Software (Testversion) sind vorinstalliert. Zusätzlich habeb wir noch I-Tunes und Firefox vorgestern installiert. Heute kam beim Öffnen von Firefox diese

Fehlermeldung:hxxp://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fhomepage-web.com%2F%3Fs=acer%26m=tab&originalURL=-1711304786&pip=false&premium=false&client_uid=3333156820&client_ver=3.7.2.194&client_type=IEPlugin&suite=true&aff_id=662-175&locale=de_de&ui=1&os_ver=6.3.0.0

und ob wir wrklich diese Seite besuchen wollen: hxxp://homepage-web.com/?s=acer&m=tab

Ich habe die ersten Scans, die ihr vorgeschlagen habt durchgeführt und packe euch den Text des FRST scans bei.

Hoffentlich könnt ihr mir helfen.
Vielen Dank Maporo
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MEINS (administrator) on WURSTEBROT on 02-04-2015 12:35:50
Running from C:\Users\MEINS\Downloads
Loaded Profiles: MEINS (Available profiles: MEINS)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Pokki) C:\Users\MEINS\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Pokki) C:\Users\MEINS\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\MEINS\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\MEINS\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\MEINS\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-12] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-03-04] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] ( (Atheros Communications))
HKU\S-1-5-21-2403373867-418344544-55061293-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> DefaultScope {E7977B64-D843-11E4-825F-3010B35E4163} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {88BC956D-FB63-4107-8C65-46F6A9B4F5E4} URL = 
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {E7977B64-D843-11E4-825F-3010B35E4163} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-03-31] ()
FF SearchPlugin: C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default\searchplugins\Web Search.xml [2015-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-31] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-30] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 12:35 - 2015-04-02 12:35 - 00029271 _____ () C:\Users\MEINS\Downloads\Addition.txt
2015-04-02 12:34 - 2015-04-02 12:35 - 00017845 _____ () C:\Users\MEINS\Downloads\FRST.txt
2015-04-02 12:34 - 2015-04-02 12:35 - 00000000 ____D () C:\FRST
2015-04-02 12:31 - 2015-04-02 12:31 - 02095616 _____ (Farbar) C:\Users\MEINS\Downloads\FRST64.exe
2015-04-02 12:30 - 2015-04-02 12:31 - 00000472 _____ () C:\Users\MEINS\Downloads\defogger_disable.log
2015-04-02 12:30 - 2015-04-02 12:30 - 00000000 _____ () C:\Users\MEINS\defogger_reenable
2015-04-02 12:29 - 2015-04-02 12:30 - 00050477 _____ () C:\Users\MEINS\Downloads\Defogger.exe
2015-04-02 12:01 - 2015-04-02 12:01 - 00000060 _____ () C:\Users\MEINS\Desktop\fixlist.txt
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-02 11:42 - 2015-04-02 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 11:41 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-02 11:26 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 11:26 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-02 11:21 - 2015-04-02 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-02 11:17 - 2015-04-02 11:17 - 00000000 ____D () C:\Users\Public\OEM
2015-04-01 17:09 - 2015-04-01 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-01 14:20 - 2015-04-02 11:03 - 00000000 ____D () C:\Users\MEINS\AppData\Local\CrashDumps
2015-04-01 10:00 - 2015-04-01 10:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Acer Aspire R7 Tutorial
2015-03-31 17:56 - 2015-03-31 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-31 17:55 - 2015-03-31 17:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-31 17:54 - 2015-03-31 17:54 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Microsoft Help
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-31 17:53 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-31 17:52 - 2015-04-02 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-31 17:52 - 2015-03-31 17:52 - 00000000 __RHD () C:\MSOCache
2015-03-31 17:46 - 2015-03-31 17:47 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00001769 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-31 17:46 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\Program Files\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\iPod
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-31 17:37 - 2015-03-31 17:43 - 152428336 _____ (Apple Inc.) C:\Users\MEINS\Downloads\itunes6464setup.exe
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Mozilla
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 17:29 - 2015-04-02 12:21 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8932EE2A-E9BC-4898-BDF2-60AAE71EB1D4}
2015-03-31 17:29 - 2015-03-31 17:29 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieUserList
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieSiteList
2015-03-31 17:28 - 2015-03-31 17:28 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-03-31 17:26 - 2015-03-31 17:26 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-03-31 17:25 - 2015-03-31 17:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-31 17:24 - 2015-03-31 17:25 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\WildTangent
2015-03-31 17:23 - 2015-03-31 17:23 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-03-31 17:23 - 2015-03-31 17:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-03-31 17:19 - 2015-04-02 12:21 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2403373867-418344544-55061293-1001
2015-03-31 17:19 - 2015-03-31 17:19 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-31 17:17 - 2015-04-01 09:53 - 00002330 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-31 17:17 - 2015-03-31 17:17 - 00002159 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-03-31 17:15 - 2015-04-02 11:20 - 00000000 ____D () C:\Users\MEINS\AppData\Local\clear.fi
2015-03-31 17:15 - 2015-03-31 17:15 - 00002625 _____ () C:\Users\Public\Desktop\eBay.lnk
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\PicStream
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\Documents\Bluetooth Folder
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Macromedia
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Atheros
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Local\BMExplorer
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\oem
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\iGware
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\AOP SDK
2015-03-31 17:12 - 2015-04-02 12:30 - 00000000 ____D () C:\Users\MEINS
2015-03-31 17:12 - 2015-04-02 12:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Packages
2015-03-31 17:12 - 2015-04-02 11:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Pokki
2015-03-31 17:12 - 2015-03-31 17:12 - 00001780 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00001450 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-31 17:12 - 2015-03-31 17:12 - 00000020 ___SH () C:\Users\MEINS\ntuser.ini
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Vorlagen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Startmenü
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Netzwerkumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Lokale Einstellungen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Eigene Dateien
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Druckumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Musik
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Bilder
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Verlauf
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Adobe
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\VirtualStore
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\OEM
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Program Files\Accessory Store
2015-03-31 17:12 - 2014-07-14 17:35 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-31 17:12 - 2014-03-18 12:33 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 12:33 - 2014-10-09 21:18 - 01745212 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 12:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-02 12:05 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-02 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-02 11:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-01 17:12 - 2014-10-05 01:15 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 17:12 - 2014-10-05 01:15 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 17:12 - 2014-03-18 12:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 17:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-04-01 17:09 - 2013-08-22 16:46 - 00019058 _____ () C:\Windows\setupact.log
2015-04-01 14:16 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 17:58 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-31 17:58 - 2013-08-22 16:44 - 00418712 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 17:57 - 2014-03-18 11:54 - 00007280 _____ () C:\Windows\PFRO.log
2015-03-31 17:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-31 17:55 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-31 17:54 - 2014-07-14 17:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-31 17:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-31 17:53 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-31 17:53 - 2014-03-18 11:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-31 17:52 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-31 17:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-31 17:24 - 2014-07-14 17:38 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-31 17:22 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\OEM
2015-03-31 17:18 - 2014-10-09 20:29 - 00000884 _____ () C:\Users\Public\Desktop\Acer Care Center.lnk
2015-03-31 17:18 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\Acer
2015-03-31 17:18 - 2014-07-14 18:16 - 00000000 ___HD () C:\OEM
2015-03-31 17:15 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Atheros
2015-03-31 17:12 - 2014-07-14 18:17 - 00000000 ____D () C:\Windows\Panther
2015-03-31 17:08 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\Administrator
2015-03-31 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-03-31 17:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-31 17:05 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default

==================== Files in the root of some directories =======

2014-10-09 20:21 - 2014-10-09 20:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\MEINS\AppData\Local\Temp\oct54AF.tmp.exe
C:\Users\MEINS\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-14 17:18

==================== End Of Log ============================

--- --- ---

M-K-D-B · 02.04.2015, 11:50

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\MEINS\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Maporo · 02.04.2015, 12:54

Hallo Matthias,
ich versuche jetzt die Anleitung korrekt zu befolgen.

Hier also die verlangten Dateien:
1) ADW cleaner

Code:

ATTFilter

# AdwCleaner v4.200 - Bericht erstellt 02/04/2015 um 13:09:43
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : MEINS - WURSTEBROT
# Gestarted von : C:\Users\MEINS\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default\searchplugins\Web Search.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v36.0.4 (x86 de)

[3jyn58bg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[3jyn58bg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.hiddenOneOffs", "Yahoo,Amazon.de,Bing,DuckDuckGo,eBay,LEO Eng-Deu,Web Search,Wikipedia (de)");
[3jyn58bg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

*************************

AdwCleaner[R0].txt - [1953 Bytes] - [02/04/2015 13:08:49]
AdwCleaner[S0].txt - [1844 Bytes] - [02/04/2015 13:09:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1903  Bytes] ##########

2) MBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.04.2015
Suchlauf-Zeit: 13:22:36
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.02.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: MEINS

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 364044
Verstrichene Zeit: 6 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Trojan.Autoit, C:\Users\MEINS\Desktop\AdwCleaner_4.200.exe, In Quarantäne, [3c8f75f2f99182b42fe3bb849072d22e], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

3)JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by MEINS on 02.04.2015 at 13:39:11,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E7977B64-D843-11E4-825F-3010B35E4163}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2015 at 13:42:02,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4) FRST 1

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MEINS (administrator) on WURSTEBROT on 02-04-2015 13:43:20
Running from C:\Users\MEINS\Desktop
Loaded Profiles: MEINS (Available profiles: MEINS)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-12] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-03-04] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] ( (Atheros Communications))
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {88BC956D-FB63-4107-8C65-46F6A9B4F5E4} URL = 
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-03-31] ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-31] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-30] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:43 - 2015-04-02 13:43 - 00017360 _____ () C:\Users\MEINS\Desktop\FRST.txt
2015-04-02 13:42 - 2015-04-02 13:42 - 00000761 _____ () C:\Users\MEINS\Desktop\JRT.txt
2015-04-02 13:39 - 2015-04-02 13:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WURSTEBROT-Windows-8.1-(64-bit).dat
2015-04-02 13:39 - 2015-04-02 13:39 - 00000000 ____D () C:\RegBackup
2015-04-02 13:38 - 2015-04-02 13:38 - 02690981 _____ (Thisisu) C:\Users\MEINS\Desktop\JRT.exe
2015-04-02 13:36 - 2015-04-02 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-02 13:35 - 2015-04-02 13:35 - 00001269 _____ () C:\Users\MEINS\Desktop\mbam.txt
2015-04-02 13:22 - 2015-04-02 13:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 13:21 - 2015-04-02 13:21 - 00000923 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-02 13:21 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-02 13:21 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 13:21 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 13:19 - 2015-04-02 13:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\MEINS\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-02 13:16 - 2015-04-02 13:16 - 00001991 _____ () C:\Users\MEINS\Desktop\AdwCleaner[S0].txt
2015-04-02 13:13 - 2015-04-02 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-02 13:13 - 2015-04-02 13:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-02 13:08 - 2015-04-02 13:09 - 00000000 ____D () C:\AdwCleaner
2015-04-02 12:35 - 2015-04-02 12:38 - 00029269 _____ () C:\Users\MEINS\Downloads\Addition.txt
2015-04-02 12:34 - 2015-04-02 13:43 - 00000000 ____D () C:\FRST
2015-04-02 12:34 - 2015-04-02 12:38 - 00036483 _____ () C:\Users\MEINS\Downloads\FRST.txt
2015-04-02 12:31 - 2015-04-02 12:31 - 02095616 _____ (Farbar) C:\Users\MEINS\Desktop\FRST64.exe
2015-04-02 12:30 - 2015-04-02 12:31 - 00000472 _____ () C:\Users\MEINS\Downloads\defogger_disable.log
2015-04-02 12:30 - 2015-04-02 12:30 - 00000000 _____ () C:\Users\MEINS\defogger_reenable
2015-04-02 12:29 - 2015-04-02 12:30 - 00050477 _____ () C:\Users\MEINS\Desktop\Defogger.exe
2015-04-02 12:01 - 2015-04-02 12:01 - 00000060 _____ () C:\Users\MEINS\Desktop\fixlist.txt
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-02 11:45 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-02 11:42 - 2015-04-02 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 11:41 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-02 11:32 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2015-04-02 11:32 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-02 11:32 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2015-04-02 11:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-04-02 11:31 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-04-02 11:31 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-04-02 11:31 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-04-02 11:31 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-04-02 11:31 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-04-02 11:31 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-04-02 11:31 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-02 11:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-04-02 11:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-04-02 11:31 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-04-02 11:31 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-02 11:31 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-02 11:31 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-02 11:31 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-02 11:29 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-02 11:29 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 11:29 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-02 11:29 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 11:29 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 11:29 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 11:29 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-02 11:29 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-02 11:29 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-02 11:29 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-02 11:29 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-02 11:29 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-02 11:29 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-02 11:29 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-02 11:29 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-02 11:29 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-02 11:29 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-02 11:29 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-02 11:29 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-02 11:29 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-02 11:29 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-04-02 11:29 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-02 11:29 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-02 11:29 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-02 11:29 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-02 11:29 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-02 11:29 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-02 11:29 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-02 11:29 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-02 11:29 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-02 11:29 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-02 11:29 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-02 11:29 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-02 11:29 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-02 11:29 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-02 11:29 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-02 11:29 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-04-02 11:29 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-04-02 11:29 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-04-02 11:29 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-04-02 11:29 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-02 11:29 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-02 11:29 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-02 11:29 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-04-02 11:29 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-02 11:29 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-02 11:29 - 2014-09-27 09:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-04-02 11:29 - 2014-09-27 07:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-04-02 11:29 - 2014-09-27 05:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-04-02 11:29 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-02 11:29 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-02 11:29 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-02 11:29 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-02 11:29 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-02 11:29 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-02 11:29 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-04-02 11:29 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-02 11:29 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-04-02 11:28 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-02 11:28 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-02 11:28 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-04-02 11:28 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-04-02 11:28 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-04-02 11:28 - 2015-01-30 05:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-04-02 11:28 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-02 11:28 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-02 11:28 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-02 11:28 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-02 11:28 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-04-02 11:28 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-02 11:28 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-02 11:28 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-02 11:28 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-02 11:28 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-04-02 11:28 - 2014-10-29 04:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-04-02 11:28 - 2014-10-29 04:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-04-02 11:28 - 2014-10-29 04:45 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-04-02 11:28 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-04-02 11:28 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-04-02 11:28 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-04-02 11:28 - 2014-10-29 04:03 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-04-02 11:28 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-04-02 11:28 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-04-02 11:28 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-04-02 11:28 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-04-02 11:28 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-04-02 11:28 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-04-02 11:28 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-04-02 11:28 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-04-02 11:28 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-04-02 11:28 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-04-02 11:28 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-04-02 11:28 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-04-02 11:28 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-02 11:28 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-02 11:28 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-04-02 11:28 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-04-02 11:28 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2015-04-02 11:28 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-04-02 11:28 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-02 11:28 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-04-02 11:28 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-02 11:28 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-04-02 11:28 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-04-02 11:28 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2015-04-02 11:28 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2015-04-02 11:28 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-04-02 11:28 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-04-02 11:28 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2015-04-02 11:28 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-02 11:28 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2015-04-02 11:28 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-04-02 11:28 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-04-02 11:28 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-04-02 11:28 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-04-02 11:28 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-04-02 11:28 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-04-02 11:28 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-04-02 11:28 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-02 11:28 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-04-02 11:28 - 2014-07-24 17:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-02 11:28 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2015-04-02 11:28 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-02 11:28 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-02 11:28 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2015-04-02 11:28 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-02 11:28 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2015-04-02 11:28 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-04-02 11:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-02 11:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-02 11:27 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 11:27 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-02 11:27 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-02 11:27 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-02 11:27 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-02 11:27 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 11:27 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-02 11:27 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 11:27 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 11:27 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-02 11:27 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 11:27 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-02 11:27 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 11:27 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-02 11:27 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-02 11:27 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-02 11:27 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 11:27 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-02 11:27 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-02 11:27 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-02 11:27 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-02 11:27 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 11:27 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-02 11:27 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 11:27 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 11:27 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-02 11:27 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-02 11:27 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-02 11:27 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 11:27 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-02 11:27 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-02 11:27 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-02 11:27 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 11:27 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-02 11:27 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-02 11:27 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-02 11:27 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-02 11:27 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-02 11:27 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-02 11:27 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-02 11:27 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-02 11:27 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-02 11:27 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-02 11:27 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-02 11:27 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-04-02 11:27 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-04-02 11:27 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 11:27 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 11:27 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-02 11:27 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-02 11:27 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-02 11:27 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-02 11:27 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 11:27 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-02 11:27 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-02 11:27 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-04-02 11:27 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-04-02 11:27 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-02 11:27 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-02 11:27 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-04-02 11:27 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 11:27 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-02 11:27 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-02 11:27 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-02 11:27 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-02 11:27 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-02 11:27 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 11:27 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-02 11:27 - 2014-10-31 07:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-04-02 11:27 - 2014-10-31 07:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-02 11:27 - 2014-10-31 07:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-04-02 11:27 - 2014-10-31 07:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-04-02 11:27 - 2014-10-31 07:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-02 11:27 - 2014-10-31 07:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-02 11:27 - 2014-10-31 07:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-02 11:27 - 2014-10-31 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-02 11:27 - 2014-10-31 06:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 11:27 - 2014-10-31 06:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-02 11:27 - 2014-10-31 06:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-04-02 11:27 - 2014-10-31 06:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 11:27 - 2014-10-31 06:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2015-04-02 11:27 - 2014-10-31 06:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-02 11:27 - 2014-10-31 06:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-02 11:27 - 2014-10-31 06:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-02 11:27 - 2014-10-31 06:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-02 11:27 - 2014-10-31 06:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-02 11:27 - 2014-10-31 06:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-04-02 11:27 - 2014-10-31 06:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-04-02 11:27 - 2014-10-31 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-02 11:27 - 2014-10-31 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-02 11:27 - 2014-10-31 06:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-04-02 11:27 - 2014-10-31 05:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-04-02 11:27 - 2014-10-31 05:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-04-02 11:27 - 2014-10-31 05:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-02 11:27 - 2014-10-31 05:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-04-02 11:27 - 2014-10-31 05:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-04-02 11:27 - 2014-10-31 05:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-02 11:27 - 2014-10-31 05:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-02 11:27 - 2014-10-31 05:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-02 11:27 - 2014-10-31 05:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-02 11:27 - 2014-10-31 05:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-02 11:27 - 2014-10-31 05:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-02 11:27 - 2014-10-31 05:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-04-02 11:27 - 2014-10-31 05:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-02 11:27 - 2014-10-31 05:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2015-04-02 11:27 - 2014-10-31 05:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-02 11:27 - 2014-10-31 05:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-02 11:27 - 2014-10-31 05:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-02 11:27 - 2014-10-31 04:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-04-02 11:27 - 2014-10-31 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-02 11:27 - 2014-10-31 04:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-02 11:27 - 2014-10-31 04:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-04-02 11:27 - 2014-10-31 04:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-04-02 11:27 - 2014-10-31 04:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-04-02 11:27 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-02 11:27 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-04-02 11:27 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-04-02 11:27 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-04-02 11:27 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-02 11:27 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-02 11:27 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-02 11:27 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-02 11:27 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-04-02 11:27 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-02 11:27 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-02 11:27 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-02 11:27 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-04-02 11:27 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-02 11:27 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-02 11:27 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-02 11:27 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-04-02 11:27 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-02 11:27 - 2014-10-23 07:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-02 11:27 - 2014-10-23 07:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-02 11:27 - 2014-10-13 04:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-04-02 11:27 - 2014-08-23 07:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-02 11:27 - 2014-08-23 07:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-02 11:27 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-02 11:27 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-02 11:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2015-04-02 11:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2015-04-02 11:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-04-02 11:27 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-04-02 11:27 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-04-02 11:27 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-04-02 11:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-04-02 11:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-04-02 11:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-04-02 11:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-04-02 11:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-04-02 11:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2015-04-02 11:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2015-04-02 11:27 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2015-04-02 11:27 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2015-04-02 11:27 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-04-02 11:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-02 11:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-02 11:27 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-02 11:26 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 11:26 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-02 11:26 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-04-02 11:26 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-04-02 11:26 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 11:26 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-02 11:26 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 11:26 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-02 11:26 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-04-02 11:26 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-04-02 11:26 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-04-02 11:26 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-02 11:26 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-02 11:26 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-02 11:26 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-02 11:26 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-04-02 11:26 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-02 11:26 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-04-02 11:26 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-02 11:26 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-04-02 11:26 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-02 11:26 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-02 11:26 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-02 11:26 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-02 11:26 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-04-02 11:26 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2015-04-02 11:26 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-04-02 11:25 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-02 11:25 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-02 11:25 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-02 11:25 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-02 11:25 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-04-02 11:25 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-04-02 11:25 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-04-02 11:25 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-04-02 11:25 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-04-02 11:25 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-04-02 11:25 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-02 11:25 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-02 11:25 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-02 11:25 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-02 11:25 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-02 11:25 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-04-02 11:25 - 2014-08-31 02:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-04-02 11:25 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2015-04-02 11:25 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-04-02 11:25 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-02 11:25 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2015-04-02 11:25 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-02 11:25 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-02 11:25 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-02 11:25 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-04-02 11:25 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-04-02 11:25 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-02 11:25 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-02 11:25 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-02 11:25 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-04-02 11:25 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-02 11:22 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 11:22 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-02 11:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-02 11:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-04-02 11:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-02 11:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-02 11:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-02 11:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-02 11:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-02 11:20 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-04-02 11:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-04-02 11:17 - 2015-04-02 11:17 - 00000000 ____D () C:\Users\Public\OEM
2015-04-01 17:09 - 2015-04-01 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-01 14:20 - 2015-04-02 11:03 - 00000000 ____D () C:\Users\MEINS\AppData\Local\CrashDumps
2015-04-01 10:00 - 2015-04-01 10:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Acer Aspire R7 Tutorial
2015-03-31 17:56 - 2015-03-31 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-31 17:55 - 2015-03-31 17:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-31 17:54 - 2015-03-31 17:54 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Microsoft Help
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-31 17:53 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-31 17:52 - 2015-04-02 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-31 17:52 - 2015-03-31 17:52 - 00000000 __RHD () C:\MSOCache
2015-03-31 17:48 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-31 17:48 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-03-31 17:48 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-03-31 17:46 - 2015-03-31 17:47 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00001769 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-31 17:46 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\Program Files\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\iPod
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-31 17:37 - 2015-03-31 17:43 - 152428336 _____ (Apple Inc.) C:\Users\MEINS\Downloads\itunes6464setup.exe
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Mozilla
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 17:29 - 2015-04-02 13:36 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8932EE2A-E9BC-4898-BDF2-60AAE71EB1D4}
2015-03-31 17:29 - 2015-03-31 17:29 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieUserList
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieSiteList
2015-03-31 17:28 - 2015-03-31 17:28 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-03-31 17:26 - 2015-03-31 17:26 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-03-31 17:25 - 2015-03-31 17:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-31 17:24 - 2015-03-31 17:25 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\WildTangent
2015-03-31 17:23 - 2015-03-31 17:23 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-03-31 17:23 - 2015-03-31 17:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-03-31 17:19 - 2015-04-02 13:37 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2403373867-418344544-55061293-1001
2015-03-31 17:19 - 2015-03-31 17:19 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-31 17:17 - 2015-04-01 09:53 - 00002330 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-31 17:17 - 2015-03-31 17:17 - 00002159 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-03-31 17:15 - 2015-04-02 11:20 - 00000000 ____D () C:\Users\MEINS\AppData\Local\clear.fi
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\PicStream
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\Documents\Bluetooth Folder
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Macromedia
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Atheros
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Local\BMExplorer
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\oem
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\iGware
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\AOP SDK
2015-03-31 17:12 - 2015-04-02 12:30 - 00000000 ____D () C:\Users\MEINS
2015-03-31 17:12 - 2015-04-02 12:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Packages
2015-03-31 17:12 - 2015-04-02 11:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Pokki
2015-03-31 17:12 - 2015-03-31 17:12 - 00001780 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00001450 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-31 17:12 - 2015-03-31 17:12 - 00000020 ___SH () C:\Users\MEINS\ntuser.ini
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Vorlagen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Startmenü
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Netzwerkumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Lokale Einstellungen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Eigene Dateien
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Druckumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Musik
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Bilder
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Verlauf
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Adobe
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\VirtualStore
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\OEM
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Program Files\Accessory Store
2015-03-31 17:12 - 2014-07-14 17:35 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-31 17:12 - 2014-03-18 12:33 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:36 - 2014-10-05 01:15 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-04-02 13:36 - 2014-10-05 01:15 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-04-02 13:36 - 2014-03-18 12:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 13:32 - 2014-10-09 21:18 - 01949147 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 13:31 - 2014-03-18 11:54 - 00022974 _____ () C:\Windows\PFRO.log
2015-04-02 13:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Speech
2015-04-02 13:31 - 2013-08-22 16:46 - 00019290 _____ () C:\Windows\setupact.log
2015-04-02 13:31 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 13:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-02 13:15 - 2013-08-22 16:44 - 00420208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 13:13 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-02 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-02 12:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-02 12:05 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-02 11:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-01 17:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-31 17:58 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-31 17:55 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-31 17:54 - 2014-07-14 17:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-31 17:53 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-31 17:53 - 2014-03-18 11:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-31 17:52 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-31 17:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-31 17:24 - 2014-07-14 17:38 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-31 17:22 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\OEM
2015-03-31 17:18 - 2014-10-09 20:29 - 00000884 _____ () C:\Users\Public\Desktop\Acer Care Center.lnk
2015-03-31 17:18 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\Acer
2015-03-31 17:18 - 2014-07-14 18:16 - 00000000 ___HD () C:\OEM
2015-03-31 17:15 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Atheros
2015-03-31 17:12 - 2014-07-14 18:17 - 00000000 ____D () C:\Windows\Panther
2015-03-31 17:08 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\Administrator
2015-03-31 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-03-31 17:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-31 17:05 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-03-04 23:24 - 2014-07-14 17:36 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2014-07-14 17:36 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-10-09 20:21 - 2014-10-09 20:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\MEINS\AppData\Local\Temp\oct54AF.tmp.exe
C:\Users\MEINS\AppData\Local\Temp\ose00000.exe
C:\Users\MEINS\AppData\Local\Temp\Quarantine.exe
C:\Users\MEINS\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-14 17:18

==================== End Of Log ============================

--- --- ---

--- --- ---

und die letzte

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MEINS at 2015-04-02 13:43:42
Running from C:\Users\MEINS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.06.2002.1 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.02.2003.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.05.2003 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.05.2004.0 - Acer Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5320 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-2403373867-418344544-55061293-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2403373867-418344544-55061293-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

31-03-2015 17:45:39 Installed iTunes

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {270BCC18-85E8-4D33-9A18-E0E96B9E64CA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {284BEF01-9553-4ABC-A548-81AB06FE4B90} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {4A589C09-8DF0-49DA-ADA0-8DCF74A3F31B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {528470DD-1A76-4760-9A76-40B79DFAB677} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {54580F8C-8817-44DA-8822-043F148B66B5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5DBD8ABC-678D-4075-9093-9D0095F244CC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {70102DE2-72DC-4ADA-A624-DAA27D5E8597} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {B6B08135-C427-4A82-B3D6-8D94A22B4513} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-03-12] (Acer)
Task: {D5097D67-04A3-40EB-BB76-CADC5FB69BCB} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {DA48DF27-9CC7-4924-BE56-DBA366D86E90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E588BCAF-49E7-470C-B42E-42FA50D4B722} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-05-09] (Acer Incorporated)
Task: {EA335C60-1A77-4389-8F97-2D6B7C2315A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-09 20:38 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-24 02:22 - 2013-12-24 02:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 02:20 - 2013-12-24 02:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 02:26 - 2013-12-24 02:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-04 16:59 - 2015-03-04 16:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-03-04 16:59 - 2015-03-04 16:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-03-31 17:28 - 2015-03-31 17:28 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-03-12 14:10 - 2015-03-12 14:10 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 01:57 - 2014-07-01 01:57 - 00279296 _____ () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-03-09 10:59 - 2015-03-09 10:59 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-03-04 16:59 - 2015-03-04 16:59 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-10-09 20:19 - 2013-09-16 06:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403373867-418344544-55061293-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1 - 193.189.244.202

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2403373867-418344544-55061293-500 - Administrator - Disabled)
Gast (S-1-5-21-2403373867-418344544-55061293-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403373867-418344544-55061293-1003 - Limited - Enabled)
MEINS (S-1-5-21-2403373867-418344544-55061293-1001 - Administrator - Enabled) => C:\Users\MEINS

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8001.51 MB
Available physical RAM: 6141.91 MB
Total Pagefile: 9921.51 MB
Available Pagefile: 7974.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456 GB) (Free:414.47 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.51 GB) (Free:456.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 72E96B23)

Partition: GPT Partition Type.

==================== End Of Log ============================

Ich hoffe, dass es so jetzt richtig ist. Vielen Dank nochmal.

M-K-D-B · 02.04.2015, 13:07

Servus,

Zitat:

Trojan.Autoit, C:\Users\MEINS\Desktop\AdwCleaner_4.200.exe, In Quarantäne, [3c8f75f2f99182b42fe3bb849072d22e],

Das ist ein Fehlalarm von MBAM...

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*pokki*

:folderfind
*pokki*

:regfind
pokki
homepage-web.com
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

Maporo · 02.04.2015, 13:44

Hallo Matthias,
an dieser Stelle schon mal vielen, vielen Dank. Beim Öffnen des Browsers erscheint die Nachricht schon mal nicht mehr. Super, dass es solche Hilfen wie Eure gibt!!!!

Anbei noch die gewünschten Dateien:
1) Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MEINS at 2015-04-02 14:30:40 Run:1
Running from C:\Users\MEINS\Desktop
Loaded Profiles: MEINS (Available profiles: MEINS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
EmptyTemp:
end
*****************

Processes closed successfully.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
EmptyTemp: => Removed 341.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:30:42 ====

2) SystemLook

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 14:34 on 02/04/2015 by MEINS
Administrator - Elevation successful

========== filefind ==========

Searching for "*pokki*"
C:\ProgramData\Pokki\Pokki Start Menu.lnk	--a---- 2166 bytes	[16:06 17/01/2014]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\All Users\Pokki\Pokki Start Menu.lnk	--a---- 2166 bytes	[16:06 17/01/2014]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\Default\AppData\Local\Pokki\Engine\libPokki.dll	--a---- 49324544 bytes	[18:46 09/10/2014]	[19:10 29/04/2014] 99EBD057BADEAF5F4A2A3573B7190DEA
C:\Users\Default\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\templates\pokkiApp.handlebars	--a---- 511 bytes	[18:46 09/10/2014]	[16:06 17/01/2014] 9FBCA64AA76DF50BE494A33C3EBC8E18
C:\Users\Default\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\views\pokkiApp.js	--a---- 4908 bytes	[18:46 09/10/2014]	[18:21 24/02/2014] D382AE873AB82AE575910EF79F8EF018
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\pokkistore.js	--a---- 594 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 16FCB9D66D5E7D25F0A59D7AF809A306
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHelper.js	--a---- 6470 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 82C56D3875D29FAF35867873F0761526
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.js	--a---- 19835 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 7D60EFD1316202268585B90D28845883
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.min.js	--a---- 9448 bytes	[18:46 09/10/2014]	[16:06 17/01/2014] 80A4C29A34DA7768DDFC978E0777E53C
C:\Users\MEINS\AppData\Local\Pokki\Engine\libPokki.dll	--a---- 49324032 bytes	[17:19 19/03/2015]	[17:19 19/03/2015] 6BD438DB60DE50F5C21B28B2AA2266D3
C:\Users\MEINS\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\templates\pokkiApp.handlebars	--a---- 511 bytes	[04:07 04/01/2015]	[04:07 04/01/2015] 9FBCA64AA76DF50BE494A33C3EBC8E18
C:\Users\MEINS\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\views\pokkiApp.js	--a---- 4908 bytes	[04:07 04/01/2015]	[04:07 04/01/2015] D382AE873AB82AE575910EF79F8EF018
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\installed_pokkies.db	--a---- 7168 bytes	[15:17 31/03/2015]	[09:05 02/04/2015] 9A1E5928FE74008A9CA746D00F409998
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\pokkistore.js	--a---- 594 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 16FCB9D66D5E7D25F0A59D7AF809A306
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHelper.js	--a---- 6470 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 82C56D3875D29FAF35867873F0761526
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHostedFramework-2.1.1.js	--a---- 19835 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 7D60EFD1316202268585B90D28845883
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHostedFramework-2.1.1.min.js	--a---- 9448 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 80A4C29A34DA7768DDFC978E0777E53C
C:\Users\MEINS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk	--a---- 2166 bytes	[15:12 31/03/2015]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk	--a---- 2159 bytes	[15:17 31/03/2015]	[15:17 31/03/2015] ABB77E4CC5374F746C7B22D99C041F59

========== folderfind ==========

Searching for "*pokki*"
C:\ProgramData\Pokki	d------	[18:46 09/10/2014]
C:\Users\All Users\Pokki	d------	[18:46 09/10/2014]
C:\Users\Default\AppData\Local\Pokki	d------	[18:46 09/10/2014]
C:\Users\Default\AppData\Local\Pokki\Pokkies	d------	[18:46 09/10/2014]
C:\Users\MEINS\AppData\Local\Pokki	d------	[15:12 31/03/2015]
C:\Users\MEINS\AppData\Local\Pokki\Pokkies	d------	[15:12 31/03/2015]
C:\Users\Public\Pokki	d------	[15:18 31/03/2015]

========== regfind ==========

Searching for "pokki"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayName"="Pokki Start Menu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayIcon"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe",6"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"Publisher"="Pokki"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALLMENU"
[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM2"="%ALLUSERSPROFILE%\Pokki\Pokki Start Menu.lnk"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayName"="Pokki Start Menu"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayIcon"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe",6"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"Publisher"="Pokki"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALLMENU"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\AllFileSystemObjects\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Directory\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Drive\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\lnkfile\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\AllFileSystemObjects\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Directory\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Drive\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\lnkfile\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""

Searching for "homepage-web.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage-web.com/?s=acer&m=start"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage-web.com/?s=acer&m=start"

-= EOF =-

3) FRST

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 14:34 on 02/04/2015 by MEINS
Administrator - Elevation successful

========== filefind ==========

Searching for "*pokki*"
C:\ProgramData\Pokki\Pokki Start Menu.lnk	--a---- 2166 bytes	[16:06 17/01/2014]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\All Users\Pokki\Pokki Start Menu.lnk	--a---- 2166 bytes	[16:06 17/01/2014]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\Default\AppData\Local\Pokki\Engine\libPokki.dll	--a---- 49324544 bytes	[18:46 09/10/2014]	[19:10 29/04/2014] 99EBD057BADEAF5F4A2A3573B7190DEA
C:\Users\Default\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\templates\pokkiApp.handlebars	--a---- 511 bytes	[18:46 09/10/2014]	[16:06 17/01/2014] 9FBCA64AA76DF50BE494A33C3EBC8E18
C:\Users\Default\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\views\pokkiApp.js	--a---- 4908 bytes	[18:46 09/10/2014]	[18:21 24/02/2014] D382AE873AB82AE575910EF79F8EF018
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\pokkistore.js	--a---- 594 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 16FCB9D66D5E7D25F0A59D7AF809A306
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHelper.js	--a---- 6470 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 82C56D3875D29FAF35867873F0761526
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.js	--a---- 19835 bytes	[18:46 09/10/2014]	[16:07 17/01/2014] 7D60EFD1316202268585B90D28845883
C:\Users\Default\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\js\lib\pokkiHostedFramework-2.1.1.min.js	--a---- 9448 bytes	[18:46 09/10/2014]	[16:06 17/01/2014] 80A4C29A34DA7768DDFC978E0777E53C
C:\Users\MEINS\AppData\Local\Pokki\Engine\libPokki.dll	--a---- 49324032 bytes	[17:19 19/03/2015]	[17:19 19/03/2015] 6BD438DB60DE50F5C21B28B2AA2266D3
C:\Users\MEINS\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\templates\pokkiApp.handlebars	--a---- 511 bytes	[04:07 04/01/2015]	[04:07 04/01/2015] 9FBCA64AA76DF50BE494A33C3EBC8E18
C:\Users\MEINS\AppData\Local\Pokki\Engine\sysapps\notifications\assets\scripts\platform\views\pokkiApp.js	--a---- 4908 bytes	[04:07 04/01/2015]	[04:07 04/01/2015] D382AE873AB82AE575910EF79F8EF018
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\installed_pokkies.db	--a---- 7168 bytes	[15:17 31/03/2015]	[09:05 02/04/2015] 9A1E5928FE74008A9CA746D00F409998
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\pokkistore.js	--a---- 594 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 16FCB9D66D5E7D25F0A59D7AF809A306
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHelper.js	--a---- 6470 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 82C56D3875D29FAF35867873F0761526
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHostedFramework-2.1.1.js	--a---- 19835 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 7D60EFD1316202268585B90D28845883
C:\Users\MEINS\AppData\Local\Pokki\Pokkies\f22abfeae27a67446927d078890381efc546d3e1\0b58b62e0b6796431f68bebf7ecc5506382a4481\js\lib\pokkiHostedFramework-2.1.1.min.js	--a---- 9448 bytes	[07:53 01/04/2015]	[07:53 01/04/2015] 80A4C29A34DA7768DDFC978E0777E53C
C:\Users\MEINS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk	--a---- 2166 bytes	[15:12 31/03/2015]	[16:06 17/01/2014] 429B98F9B8CD93423C2C639E3BF12560
C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk	--a---- 2159 bytes	[15:17 31/03/2015]	[15:17 31/03/2015] ABB77E4CC5374F746C7B22D99C041F59

========== folderfind ==========

Searching for "*pokki*"
C:\ProgramData\Pokki	d------	[18:46 09/10/2014]
C:\Users\All Users\Pokki	d------	[18:46 09/10/2014]
C:\Users\Default\AppData\Local\Pokki	d------	[18:46 09/10/2014]
C:\Users\Default\AppData\Local\Pokki\Pokkies	d------	[18:46 09/10/2014]
C:\Users\MEINS\AppData\Local\Pokki	d------	[15:12 31/03/2015]
C:\Users\MEINS\AppData\Local\Pokki\Pokkies	d------	[15:12 31/03/2015]
C:\Users\Public\Pokki	d------	[15:18 31/03/2015]

========== regfind ==========

Searching for "pokki"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayName"="Pokki Start Menu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayIcon"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe",6"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"Publisher"="Pokki"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALLMENU"
[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki]
[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM2"="%ALLUSERSPROFILE%\Pokki\Pokki Start Menu.lnk"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayName"="Pokki Start Menu"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"DisplayIcon"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe",6"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"Publisher"="Pokki"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu]
"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALLMENU"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\AllFileSystemObjects\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Directory\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Drive\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\lnkfile\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\AllFileSystemObjects\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\AllFileSystemObjects\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Directory\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Directory\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Drive\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\Drive\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\lnkfile\shell\pokki]
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001_Classes\lnkfile\shell\pokki\command]
@=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /ADDFAVORITE"%1""

Searching for "homepage-web.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage-web.com/?s=acer&m=start"
[HKEY_USERS\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage-web.com/?s=acer&m=start"

-= EOF =-

und noch

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MEINS at 2015-04-02 14:37:13
Running from C:\Users\MEINS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.06.2002.1 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.02.2003.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.05.2003 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.05.2004.0 - Acer Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5320 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-2403373867-418344544-55061293-1001\...\Pokki_Start_Menu) (Version: 0.269.7.573 - Pokki)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2403373867-418344544-55061293-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

31-03-2015 17:45:39 Installed iTunes

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {270BCC18-85E8-4D33-9A18-E0E96B9E64CA} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {284BEF01-9553-4ABC-A548-81AB06FE4B90} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {4A589C09-8DF0-49DA-ADA0-8DCF74A3F31B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {528470DD-1A76-4760-9A76-40B79DFAB677} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {54580F8C-8817-44DA-8822-043F148B66B5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5DBD8ABC-678D-4075-9093-9D0095F244CC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {70102DE2-72DC-4ADA-A624-DAA27D5E8597} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {B6B08135-C427-4A82-B3D6-8D94A22B4513} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-03-12] (Acer)
Task: {D5097D67-04A3-40EB-BB76-CADC5FB69BCB} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {DA48DF27-9CC7-4924-BE56-DBA366D86E90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E588BCAF-49E7-470C-B42E-42FA50D4B722} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-05-09] (Acer Incorporated)
Task: {EA335C60-1A77-4389-8F97-2D6B7C2315A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-09 20:38 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-24 02:22 - 2013-12-24 02:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 02:20 - 2013-12-24 02:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 02:26 - 2013-12-24 02:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-04 16:59 - 2015-03-04 16:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-03-04 16:59 - 2015-03-04 16:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-03-31 17:28 - 2015-03-31 17:28 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-03-12 14:10 - 2015-03-12 14:10 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 01:57 - 2014-07-01 01:57 - 00279296 _____ () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-03-09 10:59 - 2015-03-09 10:59 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-03-09 11:00 - 2015-03-09 11:00 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-03-04 16:59 - 2015-03-04 16:59 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-10-09 20:19 - 2013-09-16 06:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403373867-418344544-55061293-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1 - 193.189.244.202

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2403373867-418344544-55061293-500 - Administrator - Disabled)
Gast (S-1-5-21-2403373867-418344544-55061293-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403373867-418344544-55061293-1003 - Limited - Enabled)
MEINS (S-1-5-21-2403373867-418344544-55061293-1001 - Administrator - Enabled) => C:\Users\MEINS

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/02/2015 02:33:41 PM) (Source: DCOM) (EventID: 10016) (User: Wurstebrot)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}WurstebrotMEINSS-1-5-21-2403373867-418344544-55061293-1001LocalHost (unter Verwendung von LRPC)Microsoft.BingWeather_3.0.4.298_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee SiteAdvisor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/02/2015 02:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 24%
Total physical RAM: 8001.51 MB
Available physical RAM: 6036.81 MB
Total Pagefile: 9921.51 MB
Available Pagefile: 7897.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456 GB) (Free:414.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.51 GB) (Free:456.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 72E96B23)

Partition: GPT Partition Type.

==================== End Of Log ============================

Grüße
Maporo

M-K-D-B · 02.04.2015, 20:28

Servus,

du hast zweimal die Logdatei von SystemLook gepostet.

poste bitte noch die aktuelle FRST.txt, dann kann es weitergehen.

Maporo · 02.04.2015, 23:16

Upps. Sorry. das müsste jetzt die richtige sein. VG

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MEINS (administrator) on WURSTEBROT on 02-04-2015 14:36:41
Running from C:\Users\MEINS\Desktop
Loaded Profiles: MEINS (Available profiles: MEINS)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65280 2015-03-12] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-03-04] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] ( (Atheros Communications))
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {88BC956D-FB63-4107-8C65-46F6A9B4F5E4} URL = 
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194

FireFox:
========
FF ProfilePath: C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-03-31] ()
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-14]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2840832 2015-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-31] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-30] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
U3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:36 - 2015-04-02 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-02 14:34 - 2015-04-02 14:36 - 00018710 _____ () C:\Users\MEINS\Desktop\SystemLook.txt
2015-04-02 14:33 - 2015-04-02 14:33 - 00165376 _____ () C:\Users\MEINS\Desktop\SystemLook_x64.exe
2015-04-02 13:43 - 2015-04-02 14:36 - 00017223 _____ () C:\Users\MEINS\Desktop\FRST.txt
2015-04-02 13:43 - 2015-04-02 13:43 - 00017842 _____ () C:\Users\MEINS\Desktop\Addition.txt
2015-04-02 13:42 - 2015-04-02 13:42 - 00000761 _____ () C:\Users\MEINS\Desktop\JRT.txt
2015-04-02 13:39 - 2015-04-02 13:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WURSTEBROT-Windows-8.1-(64-bit).dat
2015-04-02 13:39 - 2015-04-02 13:39 - 00000000 ____D () C:\RegBackup
2015-04-02 13:38 - 2015-04-02 13:38 - 02690981 _____ (Thisisu) C:\Users\MEINS\Desktop\JRT.exe
2015-04-02 13:35 - 2015-04-02 13:35 - 00001269 _____ () C:\Users\MEINS\Desktop\mbam.txt
2015-04-02 13:22 - 2015-04-02 14:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 13:21 - 2015-04-02 13:21 - 00000923 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 13:21 - 2015-04-02 13:21 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-04-02 13:21 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-02 13:21 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 13:21 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 13:19 - 2015-04-02 13:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\MEINS\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-02 13:16 - 2015-04-02 13:16 - 00001991 _____ () C:\Users\MEINS\Desktop\AdwCleaner[S0].txt
2015-04-02 13:13 - 2015-04-02 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-02 13:13 - 2015-04-02 13:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-02 13:08 - 2015-04-02 13:09 - 00000000 ____D () C:\AdwCleaner
2015-04-02 12:35 - 2015-04-02 12:38 - 00029269 _____ () C:\Users\MEINS\Downloads\Addition.txt
2015-04-02 12:34 - 2015-04-02 14:36 - 00000000 ____D () C:\FRST
2015-04-02 12:34 - 2015-04-02 12:38 - 00036483 _____ () C:\Users\MEINS\Downloads\FRST.txt
2015-04-02 12:31 - 2015-04-02 12:31 - 02095616 _____ (Farbar) C:\Users\MEINS\Desktop\FRST64.exe
2015-04-02 12:30 - 2015-04-02 12:31 - 00000472 _____ () C:\Users\MEINS\Downloads\defogger_disable.log
2015-04-02 12:30 - 2015-04-02 12:30 - 00000000 _____ () C:\Users\MEINS\defogger_reenable
2015-04-02 12:29 - 2015-04-02 12:30 - 00050477 _____ () C:\Users\MEINS\Desktop\Defogger.exe
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-02 11:52 - 2015-04-02 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-02 11:45 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-02 11:42 - 2015-04-02 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 11:41 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-02 11:32 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2015-04-02 11:32 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-02 11:32 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2015-04-02 11:31 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-04-02 11:31 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-04-02 11:31 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-04-02 11:31 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-04-02 11:31 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-04-02 11:31 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-04-02 11:31 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-04-02 11:31 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-02 11:31 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-04-02 11:31 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-04-02 11:31 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-04-02 11:31 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-02 11:31 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-02 11:31 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-02 11:31 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-02 11:29 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-02 11:29 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-02 11:29 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 11:29 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-02 11:29 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 11:29 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 11:29 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 11:29 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-02 11:29 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-02 11:29 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-02 11:29 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-02 11:29 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-02 11:29 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-02 11:29 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-02 11:29 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-02 11:29 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-02 11:29 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-02 11:29 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-02 11:29 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-02 11:29 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-02 11:29 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-02 11:29 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-04-02 11:29 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-02 11:29 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-02 11:29 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-02 11:29 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-02 11:29 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-02 11:29 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-02 11:29 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-02 11:29 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-02 11:29 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-02 11:29 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-02 11:29 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-02 11:29 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-02 11:29 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-02 11:29 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-02 11:29 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-02 11:29 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-04-02 11:29 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-04-02 11:29 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-04-02 11:29 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-04-02 11:29 - 2014-10-13 04:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-02 11:29 - 2014-10-11 02:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-02 11:29 - 2014-10-11 02:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-02 11:29 - 2014-10-08 09:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-04-02 11:29 - 2014-10-08 09:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-02 11:29 - 2014-10-08 08:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-02 11:29 - 2014-09-27 09:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-04-02 11:29 - 2014-09-27 07:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-04-02 11:29 - 2014-09-27 05:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-04-02 11:29 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-02 11:29 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-02 11:29 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-02 11:29 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-02 11:29 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-02 11:29 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-02 11:29 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-04-02 11:29 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-02 11:29 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-04-02 11:28 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-02 11:28 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-02 11:28 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-04-02 11:28 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-04-02 11:28 - 2015-01-30 05:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-04-02 11:28 - 2015-01-30 05:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-04-02 11:28 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-02 11:28 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-02 11:28 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-02 11:28 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-02 11:28 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-04-02 11:28 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-02 11:28 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-02 11:28 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-02 11:28 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-02 11:28 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-04-02 11:28 - 2014-10-29 04:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-04-02 11:28 - 2014-10-29 04:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-04-02 11:28 - 2014-10-29 04:45 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-04-02 11:28 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-04-02 11:28 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-04-02 11:28 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-04-02 11:28 - 2014-10-29 04:03 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-04-02 11:28 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-04-02 11:28 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-04-02 11:28 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-04-02 11:28 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-04-02 11:28 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-04-02 11:28 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-04-02 11:28 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-04-02 11:28 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-04-02 11:28 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-04-02 11:28 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-04-02 11:28 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-04-02 11:28 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-04-02 11:28 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-02 11:28 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-02 11:28 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-04-02 11:28 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-04-02 11:28 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2015-04-02 11:28 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-04-02 11:28 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-02 11:28 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-04-02 11:28 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-02 11:28 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-04-02 11:28 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-04-02 11:28 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2015-04-02 11:28 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2015-04-02 11:28 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-04-02 11:28 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-04-02 11:28 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2015-04-02 11:28 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-02 11:28 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2015-04-02 11:28 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-04-02 11:28 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-04-02 11:28 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-04-02 11:28 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-04-02 11:28 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-04-02 11:28 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-04-02 11:28 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-04-02 11:28 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-04-02 11:28 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-02 11:28 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-04-02 11:28 - 2014-07-24 17:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-02 11:28 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2015-04-02 11:28 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-02 11:28 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-02 11:28 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2015-04-02 11:28 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-02 11:28 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2015-04-02 11:28 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-04-02 11:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-02 11:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-02 11:27 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 11:27 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-02 11:27 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-02 11:27 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-02 11:27 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-02 11:27 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 11:27 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-02 11:27 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 11:27 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 11:27 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-02 11:27 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 11:27 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-02 11:27 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 11:27 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-02 11:27 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-02 11:27 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-02 11:27 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 11:27 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-02 11:27 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-02 11:27 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-02 11:27 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-02 11:27 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 11:27 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-02 11:27 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 11:27 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 11:27 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-02 11:27 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-02 11:27 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-02 11:27 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 11:27 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-02 11:27 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-02 11:27 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-02 11:27 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 11:27 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-02 11:27 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-02 11:27 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-02 11:27 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-02 11:27 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-02 11:27 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-02 11:27 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-02 11:27 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-02 11:27 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-02 11:27 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-02 11:27 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-02 11:27 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-04-02 11:27 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-04-02 11:27 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 11:27 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 11:27 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-02 11:27 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-02 11:27 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-02 11:27 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-02 11:27 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 11:27 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-02 11:27 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-02 11:27 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-04-02 11:27 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-04-02 11:27 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-02 11:27 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-02 11:27 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-04-02 11:27 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 11:27 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-02 11:27 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-02 11:27 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-02 11:27 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-02 11:27 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-02 11:27 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 11:27 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-02 11:27 - 2014-10-31 07:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-04-02 11:27 - 2014-10-31 07:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-02 11:27 - 2014-10-31 07:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-04-02 11:27 - 2014-10-31 07:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-04-02 11:27 - 2014-10-31 07:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-02 11:27 - 2014-10-31 07:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-02 11:27 - 2014-10-31 07:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-02 11:27 - 2014-10-31 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-02 11:27 - 2014-10-31 06:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 11:27 - 2014-10-31 06:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-02 11:27 - 2014-10-31 06:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-04-02 11:27 - 2014-10-31 06:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 11:27 - 2014-10-31 06:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2015-04-02 11:27 - 2014-10-31 06:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-02 11:27 - 2014-10-31 06:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-02 11:27 - 2014-10-31 06:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-02 11:27 - 2014-10-31 06:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-02 11:27 - 2014-10-31 06:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-02 11:27 - 2014-10-31 06:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-04-02 11:27 - 2014-10-31 06:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-04-02 11:27 - 2014-10-31 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-02 11:27 - 2014-10-31 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-02 11:27 - 2014-10-31 06:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-04-02 11:27 - 2014-10-31 05:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-04-02 11:27 - 2014-10-31 05:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-04-02 11:27 - 2014-10-31 05:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-02 11:27 - 2014-10-31 05:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-04-02 11:27 - 2014-10-31 05:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-04-02 11:27 - 2014-10-31 05:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-02 11:27 - 2014-10-31 05:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-02 11:27 - 2014-10-31 05:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-02 11:27 - 2014-10-31 05:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-02 11:27 - 2014-10-31 05:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-02 11:27 - 2014-10-31 05:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-02 11:27 - 2014-10-31 05:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-04-02 11:27 - 2014-10-31 05:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-02 11:27 - 2014-10-31 05:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2015-04-02 11:27 - 2014-10-31 05:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-02 11:27 - 2014-10-31 05:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-02 11:27 - 2014-10-31 05:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-02 11:27 - 2014-10-31 04:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-02 11:27 - 2014-10-31 04:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-04-02 11:27 - 2014-10-31 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-02 11:27 - 2014-10-31 04:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-02 11:27 - 2014-10-31 04:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-04-02 11:27 - 2014-10-31 04:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-04-02 11:27 - 2014-10-31 04:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-04-02 11:27 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-02 11:27 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-04-02 11:27 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-04-02 11:27 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-04-02 11:27 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-02 11:27 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-02 11:27 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-02 11:27 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-02 11:27 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-04-02 11:27 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-02 11:27 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-02 11:27 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-02 11:27 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-04-02 11:27 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-02 11:27 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-02 11:27 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-02 11:27 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-04-02 11:27 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-02 11:27 - 2014-10-23 07:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-02 11:27 - 2014-10-23 07:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-02 11:27 - 2014-10-13 04:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-04-02 11:27 - 2014-10-13 04:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-04-02 11:27 - 2014-08-23 07:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-02 11:27 - 2014-08-23 07:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-02 11:27 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-02 11:27 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-02 11:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2015-04-02 11:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2015-04-02 11:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-04-02 11:27 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-04-02 11:27 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-04-02 11:27 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-04-02 11:27 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-04-02 11:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-04-02 11:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-04-02 11:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-04-02 11:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-04-02 11:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-04-02 11:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2015-04-02 11:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2015-04-02 11:27 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2015-04-02 11:27 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2015-04-02 11:27 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-04-02 11:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-02 11:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-02 11:27 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-02 11:26 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 11:26 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-02 11:26 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-04-02 11:26 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-04-02 11:26 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 11:26 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-02 11:26 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 11:26 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-02 11:26 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-04-02 11:26 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-04-02 11:26 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-04-02 11:26 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-04-02 11:26 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-02 11:26 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-02 11:26 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-02 11:26 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-02 11:26 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-04-02 11:26 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-02 11:26 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-04-02 11:26 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-02 11:26 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-02 11:26 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-04-02 11:26 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-02 11:26 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-02 11:26 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-02 11:26 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-02 11:26 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-04-02 11:26 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2015-04-02 11:26 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-04-02 11:25 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-02 11:25 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-02 11:25 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-02 11:25 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-02 11:25 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-04-02 11:25 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-04-02 11:25 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-04-02 11:25 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-04-02 11:25 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-04-02 11:25 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-04-02 11:25 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-02 11:25 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-02 11:25 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-02 11:25 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-02 11:25 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-02 11:25 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-04-02 11:25 - 2014-08-31 02:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-04-02 11:25 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2015-04-02 11:25 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-04-02 11:25 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-02 11:25 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2015-04-02 11:25 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-02 11:25 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-02 11:25 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-02 11:25 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-04-02 11:25 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-04-02 11:25 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-02 11:25 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-02 11:25 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-02 11:25 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-04-02 11:25 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-02 11:22 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 11:22 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-02 11:20 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-02 11:20 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-04-02 11:20 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-02 11:20 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-02 11:20 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-02 11:20 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-02 11:20 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-02 11:20 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-04-02 11:20 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-04-02 11:17 - 2015-04-02 11:17 - 00000000 ____D () C:\Users\Public\OEM
2015-04-01 17:09 - 2015-04-01 17:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-01 14:20 - 2015-04-02 11:03 - 00000000 ____D () C:\Users\MEINS\AppData\Local\CrashDumps
2015-04-01 10:00 - 2015-04-01 10:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Acer Aspire R7 Tutorial
2015-03-31 17:56 - 2015-03-31 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-31 17:55 - 2015-03-31 17:55 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-31 17:54 - 2015-03-31 17:54 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Microsoft Help
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-31 17:53 - 2015-03-31 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-31 17:53 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-31 17:52 - 2015-04-02 11:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-31 17:52 - 2015-03-31 17:52 - 00000000 __RHD () C:\MSOCache
2015-03-31 17:48 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-31 17:48 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-03-31 17:48 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-03-31 17:46 - 2015-03-31 17:47 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00001769 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple Computer
2015-03-31 17:46 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-31 17:46 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-31 17:45 - 2015-03-31 17:46 - 00000000 ____D () C:\Program Files\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\ProgramData\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\iPod
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-31 17:45 - 2015-03-31 17:45 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-31 17:37 - 2015-03-31 17:43 - 152428336 _____ (Apple Inc.) C:\Users\MEINS\Downloads\itunes6464setup.exe
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Mozilla
2015-03-31 17:32 - 2015-03-31 17:33 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 17:32 - 2015-03-31 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-31 17:29 - 2015-04-02 13:36 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8932EE2A-E9BC-4898-BDF2-60AAE71EB1D4}
2015-03-31 17:29 - 2015-03-31 17:29 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieUserList
2015-03-31 17:29 - 2015-03-31 17:29 - 00000000 __SHD () C:\Users\MEINS\AppData\Local\EmieSiteList
2015-03-31 17:28 - 2015-03-31 17:28 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-03-31 17:26 - 2015-03-31 17:26 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-03-31 17:25 - 2015-03-31 17:25 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-31 17:24 - 2015-03-31 17:25 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\WildTangent
2015-03-31 17:23 - 2015-03-31 17:23 - 00002005 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-03-31 17:23 - 2015-03-31 17:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-03-31 17:19 - 2015-04-02 13:58 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2403373867-418344544-55061293-1001
2015-03-31 17:19 - 2015-03-31 17:19 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 ____D () C:\Users\Public\Pokki
2015-03-31 17:17 - 2015-04-01 09:53 - 00002330 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-03-31 17:17 - 2015-03-31 17:17 - 00002159 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-03-31 17:15 - 2015-04-02 11:20 - 00000000 ____D () C:\Users\MEINS\AppData\Local\clear.fi
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\PicStream
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\Documents\Bluetooth Folder
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Macromedia
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Atheros
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Users\MEINS\AppData\Local\BMExplorer
2015-03-31 17:15 - 2015-03-31 17:15 - 00000000 ____D () C:\Program Files (x86)\OEM
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Windows\oem
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\iGware
2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\AOP SDK
2015-03-31 17:12 - 2015-04-02 12:30 - 00000000 ____D () C:\Users\MEINS
2015-03-31 17:12 - 2015-04-02 12:14 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Packages
2015-03-31 17:12 - 2015-04-02 11:00 - 00000000 ____D () C:\Users\MEINS\AppData\Local\Pokki
2015-03-31 17:12 - 2015-03-31 17:12 - 00001780 _____ () C:\Users\Public\Desktop\Online kaufen.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00001450 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 17:12 - 2015-03-31 17:12 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-31 17:12 - 2015-03-31 17:12 - 00000020 ___SH () C:\Users\MEINS\ntuser.ini
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Vorlagen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Startmenü
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Netzwerkumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Lokale Einstellungen
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Eigene Dateien
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Druckumgebung
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Musik
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Documents\Eigene Bilder
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Verlauf
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\AppData\Local\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 _SHDL () C:\Users\MEINS\Anwendungsdaten
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Adobe
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\VirtualStore
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Users\MEINS\AppData\Local\OEM
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2015-03-31 17:12 - 2015-03-31 17:12 - 00000000 ____D () C:\Program Files\Accessory Store
2015-03-31 17:12 - 2014-07-14 17:35 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-31 17:12 - 2014-03-18 12:33 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-31 17:12 - 2014-03-18 12:13 - 00000369 _____ () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-31 17:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 _SHDL () C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 14:36 - 2014-10-05 01:15 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-04-02 14:36 - 2014-10-05 01:15 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-04-02 14:36 - 2014-03-18 12:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 14:32 - 2014-10-09 21:18 - 02012206 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 14:31 - 2014-03-18 11:54 - 00023324 _____ () C:\Windows\PFRO.log
2015-04-02 14:31 - 2013-08-22 16:46 - 00019406 _____ () C:\Windows\setupact.log
2015-04-02 14:31 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-02 13:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Speech
2015-04-02 13:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-02 13:15 - 2013-08-22 16:44 - 00420208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 13:13 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-02 13:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-02 12:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-02 12:05 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-02 11:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-02 11:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-01 17:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-31 17:58 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-31 17:55 - 2014-10-09 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-31 17:54 - 2014-07-14 17:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-31 17:53 - 2014-07-14 17:40 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-31 17:53 - 2014-03-18 11:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-31 17:52 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-31 17:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-03-31 17:28 - 2014-10-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-31 17:25 - 2014-07-14 17:38 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-31 17:24 - 2014-07-14 17:38 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-31 17:22 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\OEM
2015-03-31 17:18 - 2014-10-09 20:29 - 00000884 _____ () C:\Users\Public\Desktop\Acer Care Center.lnk
2015-03-31 17:18 - 2014-10-09 20:29 - 00000000 ____D () C:\ProgramData\Acer
2015-03-31 17:18 - 2014-07-14 18:16 - 00000000 ___HD () C:\OEM
2015-03-31 17:15 - 2014-10-09 20:24 - 00000000 ____D () C:\ProgramData\Atheros
2015-03-31 17:12 - 2014-07-14 18:17 - 00000000 ____D () C:\Windows\Panther
2015-03-31 17:08 - 2014-07-14 17:19 - 00000000 ____D () C:\Users\Administrator
2015-03-31 17:06 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-03-31 17:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-31 17:05 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-03-04 23:24 - 2014-07-14 17:36 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2014-07-14 17:36 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-10-09 20:21 - 2014-10-09 20:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-14 17:18

==================== End Of Log ============================

--- --- ---

--- --- ---

M-K-D-B · 03.04.2015, 14:17

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {88BC956D-FB63-4107-8C65-46F6A9B4F5E4} URL = 
C:\ProgramData\Pokki
C:\Users\Default\AppData\Local\Pokki
C:\Users\MEINS\AppData\Local\Pokki
C:\Users\MEINS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
DeleteKey: HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von HitmanPro,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Maporo · 03.04.2015, 16:54

Hallo Matthias,

alle Aktionen durchgeführt.

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.99  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender                     
McAfee Anti-Virus und Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Mozilla Firefox (36.0.4) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WURSTEBROT
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : Wurstebrot\MEINS
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-03 16:53:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1.323.903
   Files scanned . . . . : 14.376
   Remnants scanned  . . : 273.115 files / 1.036.412 keys

Suspicious files ____________________________________________________________

   C:\Users\MEINS\Desktop\FRST64.exe -> Deleted
      Size . . . . . . . : 2.095.616 bytes
      Age  . . . . . . . : 1.2 days (2015-04-02 12:31:41)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Cookies _____________________________________________________________________

   C:\Users\MEINS\AppData\Roaming\Mozilla\Firefox\Profiles\3jyn58bg.default\cookies.sqlite:doubleclick.net

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MEINS at 2015-04-03 16:49:18 Run:2
Running from C:\Users\MEINS\Desktop
Loaded Profiles: MEINS (Available profiles: MEINS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2403373867-418344544-55061293-1001 -> {88BC956D-FB63-4107-8C65-46F6A9B4F5E4} URL = 
C:\ProgramData\Pokki
C:\Users\Default\AppData\Local\Pokki
C:\Users\MEINS\AppData\Local\Pokki
C:\Users\MEINS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
DeleteKey: HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki
DeleteKey: HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki
EmptyTemp:
end
*****************

Processes closed successfully.
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2403373867-418344544-55061293-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2403373867-418344544-55061293-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88BC956D-FB63-4107-8C65-46F6A9B4F5E4}" => Key deleted successfully.
HKCR\CLSID\{88BC956D-FB63-4107-8C65-46F6A9B4F5E4} => Key not found. 
C:\ProgramData\Pokki => Moved successfully.
C:\Users\Default\AppData\Local\Pokki => Moved successfully.
C:\Users\MEINS\AppData\Local\Pokki => Moved successfully.
C:\Users\MEINS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk => Moved successfully.
C:\Users\MEINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk => Moved successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki => Key Deleted Successfully.
HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki => Key Deleted Successfully.
HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki => Key Deleted Successfully.
HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki => Key Deleted Successfully.
EmptyTemp: => Removed 99.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:49:25 ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=717962b78adf4d4c9f90b7a18a80862e
# engine=23223
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-03 03:42:50
# local_time=2015-04-03 05:42:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 258300 51561210 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 102573 32892538 0 0
# scanned=83562
# found=0
# cleaned=0
# scan_time=1466

Hoffe, ich habe keinen vergessen..

Viele Grüße Maporo

M-K-D-B · 04.04.2015, 09:42

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Avast	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B · 08.04.2015, 14:31

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

02.04.2015, 20:28	#6
M-K-D-B /// TB-Ausbilder	Sicherheitswarnung beim Öffnen von Firefox bei neuem Acer Aspire PC (vorinstalierte MC Affee Software) Servus, du hast zweimal die Logdatei von SystemLook gepostet. poste bitte noch die aktuelle FRST.txt, dann kann es weitergehen.

Sicherheitswarnung beim Öffnen von Firefox bei neuem Acer Aspire PC (vorinstalierte MC Affee Software)

Log-Analyse und Auswertung: Sicherheitswarnung beim Öffnen von Firefox bei neuem Acer Aspire PC (vorinstalierte MC Affee Software)