Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner fbdownload eingefangen (https://www.trojaner-board.de/154126-trojaner-fbdownload-eingefangen.html)

DiabolusXXX 20.05.2014 15:30
Trojaner fbdownload eingefangen
 
Hallo zusammen,

habe wohl auch irgendwo ein Häckchen übersehen und mir den fbdownload eingefangen. Er hat sich in meinem IE eingenistet und als Standardsuchmaschine eingestellt. Kann mir (Laie) irgenwie bei meinem Problem helfen?

LG

cosinus 20.05.2014 15:32
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

DiabolusXXX 20.05.2014 15:42
Code:

alwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.05.2014
Scan Time: 15:58:47
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tobias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377363
Time Elapsed: 10 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{59F39B89-94C3-44C5-B903-9A6B85C32921}, Quarantined, [1f85391accaf38fe318e86a134ce4db3],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

DiabolusXXX 20.05.2014 15:51
Hallo cosinus,

danke für die schnelle Hilfe.

Hier kommt noch das zweite log

DiabolusXXX 20.05.2014 15:53
zu guter letzt noch die Addition

cosinus 20.05.2014 15:55
:(

Wieso denn jetzt im Anhang...wurde doch deutlich erwähnt, die Logs nur in CODE-Tags zu posten

Und was ist mit Malwarebytes, ist das wirklich das einzige Log? :wtf:

DiabolusXXX 20.05.2014 15:59
Sorry Laie,

mom ich mach nochmal

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Tobias (administrator) on BÜRO on 20-05-2014 16:39:45
Running from C:\Users\Tobias\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(DATEV eG) C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(KOBIL Systems GmbH) C:\DATEV\PROGRAMM\B0000404\msdisrv.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(DATEV eG) C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(DATEV eG) C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(DATEVeG) C:\DATEV\PROGRAMM\B0000299\AS\as.exe
(DATEVeG) C:\DATEV\PROGRAMM\B0000299\AS\as.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2013-04-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-04-30] (Nero AG)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Datev.CC.ControllerUserMode] => C:\DATEV\PROGRAMM\RZKOMM\Datev.CC.Processes.Cmd.exe [32808 2013-12-23] (DATEV eG)
HKLM-x32\...\Run: [Datev.CC.Clear] => C:\DATEV\PROGRAMM\RZKOMM\Datev.CC.Processes.Cmd.exe [32808 2013-12-23] (DATEV eG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SiPaHost] => C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [556584 2013-03-21] (DATEV eG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [SSync] => C:\Users\Tobias\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [DataMgr] => C:\Users\Tobias\AppData\Roaming\DataMgr\DataMgr.exe [168880 2014-02-26] (HTTO Group, Ltd.)
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [Intermediate] => C:\Users\Tobias\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [SCheck] => C:\Users\Tobias\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Run: [Snoozer] => C:\Users\Tobias\AppData\Roaming\Snz\Snz.exe [1210387 2014-05-07] ()
HKU\S-1-5-21-91668819-312498841-480008626-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk
ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM - DefaultScope {69EBBA32-1672-9AE5-1418-12ED1C099AC4} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {70D14B1D-D78B-4273-8EF7-060DD9C46964} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {A8603C26-4698-4A3B-ABCC-B951E8B91737} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {69EBBA32-1672-9AE5-1418-12ED1C099AC4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {69EBBA32-1672-9AE5-1418-12ED1C099AC4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {A8603C26-4698-4A3B-ABCC-B951E8B91737} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://native-search.com/search.php?channel=deg&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E02B00FF054C7F0A&affID=128491&tsp=5178
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {70D14B1D-D78B-4273-8EF7-060DD9C46964} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://native-search.com/search.php?channel=deg&q={searchTerms}
SearchScopes: HKCU - {A8603C26-4698-4A3B-ABCC-B951E8B91737} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {D8A45D76-F54C-47F3-B516-9187A5DEFB16} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=2F1156B0-4EBB-4C68-BDCB-94A51EB49C4D&apn_sauid=75AA31DA-FB11-478F-861A-9CF1CB5A4A2C
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll (DATEV eG)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: DtvIePwdSafeBHO Class - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SCardBHOEvent Class - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll (DATEV eG)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default
FF user.js: detected! => C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Simple New Tab - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\Extensions\snt@dotlabs.co.xpi [2013-11-13]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-14]

Chrome:
=======
CHR HomePage: hxxp://native-search.com/?channel=deg
CHR RestoreOnStartup: "hxxp://native-search.com/?channel=deg"
CHR DefaultSearchKeyword: Search
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: hxxp://native-search.com/search.php?channel=deg&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Tobias\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-09] (CrashPlan)
R2 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (DATEV eG)
R2 Datev.CC.Processes.Hosting.RdtServiceMode; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)
R3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)
R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)
R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)
S3 Datev.Irw.ServiceProvider.HostXcut.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (DATEV eG)
S4 DfueSammlerDienst; C:\DATEV\PROGRAMM\RZKOMM\Datev.CC.Processes.Session0Host.exe [9256 2013-12-23] ()
R2 DVckService; C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [2706472 2013-07-26] (DATEV eG)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 KOBIL_MSDI; C:\DATEV\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [41416 2012-06-29] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Sicherheitspaket-Dienst; C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe [196136 2013-03-21] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2013-05-14] (KOBIL Systems GmbH)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
R2 SC_SERV3D; C:\windows\system32\drivers\d3_kafm.sys [84728 2012-07-03] (Datev eG)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
U0 dmboot;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 16:39 - 2014-05-20 16:39 - 00030952 _____ () C:\Users\Tobias\Downloads\FRST.txt
2014-05-20 16:39 - 2014-05-20 16:39 - 00000000 ____D () C:\FRST
2014-05-20 16:37 - 2014-05-20 16:37 - 02067456 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2014-05-20 15:28 - 2014-05-20 15:43 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 15:28 - 2014-05-20 15:28 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 15:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-20 15:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-20 15:28 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-20 15:27 - 2014-05-20 15:27 - 00961360 _____ (Chip Digital GmbH) C:\Users\Tobias\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-05-20 11:04 - 2014-05-20 11:04 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Snz
2014-05-20 11:03 - 2014-05-20 11:03 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\SCheck
2014-05-19 14:51 - 2014-05-19 15:08 - 00049664 _____ () C:\Users\Tobias\Desktop\Zusatzbeiträge Nachwuchs 04_06_2014.xls
2014-05-19 14:50 - 2014-05-19 14:50 - 00018250 _____ () C:\Users\Tobias\Desktop\Zusatzbeiträge Nachwuchs 04_06_2014.xlsx
2014-05-19 14:24 - 2014-05-19 14:24 - 00064512 _____ () C:\Users\Tobias\Desktop\Kopie von Gehälter Mai 2014.xls
2014-05-16 13:44 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-16 13:44 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-16 13:44 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-16 13:44 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-16 13:44 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-16 13:44 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-16 13:44 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-16 13:44 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-16 13:44 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-16 13:44 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-16 13:44 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-16 13:44 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-16 13:44 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-16 13:44 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-16 13:44 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-16 13:44 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-16 13:44 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-16 13:44 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-16 13:44 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-16 13:44 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-16 13:44 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-16 13:44 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-16 13:44 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-16 13:44 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-16 13:44 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-16 13:44 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-16 13:44 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-16 13:44 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-16 13:44 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-16 13:44 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-16 13:44 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-16 13:44 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-16 13:44 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-16 13:44 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-16 13:44 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-16 13:44 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-16 13:43 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-16 13:43 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-16 13:43 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-16 13:43 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-16 13:43 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-16 13:43 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-10 09:32 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-05-10 09:32 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-10 09:32 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-10 09:32 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-10 09:31 - 2014-05-10 09:32 - 00005524 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 21:03 - 2014-05-07 21:03 - 00467120 _____ () C:\Users\Tobias\AppData\Local\omesuperv.exe
2014-05-03 04:33 - 2014-05-03 04:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 04:33 - 2014-05-03 04:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 08:40 - 2014-05-01 08:40 - 00000000 __SHD () C:\Users\Tobias\AppData\Local\EmieUserList
2014-05-01 08:40 - 2014-05-01 08:40 - 00000000 __SHD () C:\Users\Tobias\AppData\Local\EmieSiteList
2014-04-23 12:23 - 2014-03-20 06:19 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-23 12:23 - 2014-03-20 05:41 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-23 12:23 - 2014-03-20 05:41 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-23 12:23 - 2014-03-20 05:40 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-23 12:23 - 2014-03-20 03:29 - 04268544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-04-23 12:23 - 2014-03-20 01:55 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-23 12:23 - 2014-03-19 09:13 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-23 12:23 - 2014-03-11 14:42 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-04-23 12:23 - 2014-03-11 14:35 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-04-23 12:23 - 2014-03-08 08:46 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-04-23 12:23 - 2014-03-08 07:41 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-04-23 12:23 - 2014-03-06 16:34 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-04-23 12:23 - 2014-03-06 14:53 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-04-23 12:23 - 2014-03-06 14:51 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-04-23 12:23 - 2014-03-06 14:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-04-23 12:23 - 2014-03-06 11:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-04-23 12:23 - 2014-03-06 10:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-04-23 12:23 - 2014-03-06 09:22 - 16875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-04-23 12:23 - 2014-03-06 08:59 - 12732416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-04-23 12:23 - 2014-03-06 08:51 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-04-23 12:23 - 2014-03-06 08:39 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-04-23 12:23 - 2014-03-06 08:23 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-04-23 12:23 - 2014-03-06 07:28 - 08653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-04-23 12:23 - 2014-03-06 07:27 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-04-23 12:23 - 2014-03-06 07:21 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-04-23 12:23 - 2014-03-06 07:20 - 06641152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-04-23 12:23 - 2014-03-04 14:25 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-04-23 12:23 - 2014-03-04 14:15 - 02519384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-04-23 12:23 - 2014-03-04 13:16 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-04-23 12:22 - 2014-03-20 02:53 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-04-23 12:22 - 2014-03-20 02:48 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-04-23 12:22 - 2014-03-20 01:39 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-04-23 12:22 - 2014-03-20 01:36 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-04-23 12:22 - 2014-03-19 07:57 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-04-23 12:22 - 2014-03-19 07:50 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-04-23 12:22 - 2014-03-19 07:31 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-04-23 12:22 - 2014-03-19 07:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-04-23 12:22 - 2014-03-19 07:08 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-04-23 12:22 - 2014-03-19 06:41 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-04-23 12:22 - 2014-03-19 06:17 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-04-23 12:22 - 2014-03-13 14:35 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-04-23 12:22 - 2014-03-12 15:45 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-04-23 12:22 - 2014-03-11 17:45 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2014-04-23 12:22 - 2014-03-11 17:18 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-04-23 12:22 - 2014-03-11 17:02 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2014-04-23 12:22 - 2014-03-11 16:28 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-04-23 12:22 - 2014-03-11 16:25 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2014-04-23 12:22 - 2014-03-11 16:05 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2014-04-23 12:22 - 2014-03-11 16:03 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-04-23 12:22 - 2014-03-11 16:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-04-23 12:22 - 2014-03-11 15:21 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-04-23 12:22 - 2014-03-11 15:02 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-04-23 12:22 - 2014-03-08 22:47 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-04-23 12:22 - 2014-03-08 22:47 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-04-23 12:22 - 2014-03-08 22:40 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-04-23 12:22 - 2014-03-08 22:38 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-04-23 12:22 - 2014-03-08 22:35 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-04-23 12:22 - 2014-03-08 22:35 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-04-23 12:22 - 2014-03-08 17:29 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-04-23 12:22 - 2014-03-08 17:29 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-04-23 12:22 - 2014-03-08 13:34 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-04-23 12:22 - 2014-03-08 11:34 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-04-23 12:22 - 2014-03-08 11:02 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-04-23 12:22 - 2014-03-08 10:44 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-04-23 12:22 - 2014-03-08 10:33 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-04-23 12:22 - 2014-03-08 10:25 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-04-23 12:22 - 2014-03-08 10:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-04-23 12:22 - 2014-03-08 09:53 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-04-23 12:22 - 2014-03-08 09:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-04-23 12:22 - 2014-03-08 09:47 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-04-23 12:22 - 2014-03-08 09:12 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-04-23 12:22 - 2014-03-08 09:09 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-04-23 12:22 - 2014-03-08 09:04 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-04-23 12:22 - 2014-03-08 09:03 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-04-23 12:22 - 2014-03-08 09:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-04-23 12:22 - 2014-03-08 08:50 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-04-23 12:22 - 2014-03-08 08:48 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-04-23 12:22 - 2014-03-08 08:41 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-04-23 12:22 - 2014-03-08 08:40 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-04-23 12:22 - 2014-03-08 08:37 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-04-23 12:22 - 2014-03-08 08:31 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-04-23 12:22 - 2014-03-08 08:30 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-04-23 12:22 - 2014-03-08 08:25 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-04-23 12:22 - 2014-03-08 08:09 - 00958464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-04-23 12:22 - 2014-03-08 08:04 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-04-23 12:22 - 2014-03-08 08:02 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-04-23 12:22 - 2014-03-08 07:58 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-04-23 12:22 - 2014-03-08 07:11 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-04-23 12:22 - 2014-03-06 16:35 - 01466864 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-04-23 12:22 - 2014-03-06 16:34 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-04-23 12:22 - 2014-03-06 14:53 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-04-23 12:22 - 2014-03-06 14:51 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-04-23 12:22 - 2014-03-06 14:51 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-04-23 12:22 - 2014-03-06 14:40 - 00492256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-04-23 12:22 - 2014-03-06 14:40 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-04-23 12:22 - 2014-03-06 14:40 - 00463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-04-23 12:22 - 2014-03-06 14:40 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-04-23 12:22 - 2014-03-06 14:40 - 00244888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-04-23 12:22 - 2014-03-06 14:39 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-04-23 12:22 - 2014-03-06 13:20 - 01200296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-04-23 12:22 - 2014-03-06 13:19 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-04-23 12:22 - 2014-03-06 13:19 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-04-23 12:22 - 2014-03-06 13:13 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-04-23 12:22 - 2014-03-06 13:13 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-04-23 12:22 - 2014-03-06 12:46 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-04-23 12:22 - 2014-03-06 12:35 - 00406512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-04-23 12:22 - 2014-03-06 12:35 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-04-23 12:22 - 2014-03-06 12:35 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-04-23 12:22 - 2014-03-06 12:35 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-04-23 12:22 - 2014-03-06 11:29 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-04-23 12:22 - 2014-03-06 11:24 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-04-23 12:22 - 2014-03-06 11:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-04-23 12:22 - 2014-03-06 11:24 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-04-23 12:22 - 2014-03-06 11:22 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-04-23 12:22 - 2014-03-06 11:22 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-04-23 12:22 - 2014-03-06 11:22 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-04-23 12:22 - 2014-03-06 11:20 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-04-23 12:22 - 2014-03-06 11:20 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-04-23 12:22 - 2014-03-06 11:20 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-04-23 12:22 - 2014-03-06 11:19 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-04-23 12:22 - 2014-03-06 11:19 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-04-23 12:22 - 2014-03-06 11:19 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-04-23 12:22 - 2014-03-06 11:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-04-23 12:22 - 2014-03-06 11:08 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-04-23 12:22 - 2014-03-06 11:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-04-23 12:22 - 2014-03-06 10:41 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-04-23 12:22 - 2014-03-06 10:38 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-04-23 12:22 - 2014-03-06 10:37 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-04-23 12:22 - 2014-03-06 10:28 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-04-23 12:22 - 2014-03-06 10:10 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-04-23 12:22 - 2014-03-06 10:09 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-04-23 12:22 - 2014-03-06 10:00 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-04-23 12:22 - 2014-03-06 09:47 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-04-23 12:22 - 2014-03-06 09:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-04-23 12:22 - 2014-03-06 09:44 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-04-23 12:22 - 2014-03-06 09:16 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-04-23 12:22 - 2014-03-06 09:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-04-23 12:22 - 2014-03-06 09:02 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-04-23 12:22 - 2014-03-06 08:57 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-04-23 12:22 - 2014-03-06 08:34 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-04-23 12:22 - 2014-03-06 08:32 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-04-23 12:22 - 2014-03-06 08:31 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-04-23 12:22 - 2014-03-06 08:29 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-04-23 12:22 - 2014-03-06 08:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-04-23 12:22 - 2014-03-06 08:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-04-23 12:22 - 2014-03-06 08:23 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-04-23 12:22 - 2014-03-06 08:21 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-04-23 12:22 - 2014-03-06 08:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-04-23 12:22 - 2014-03-06 08:16 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-04-23 12:22 - 2014-03-06 08:16 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-04-23 12:22 - 2014-03-06 08:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-04-23 12:22 - 2014-03-06 08:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-04-23 12:22 - 2014-03-06 08:11 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-04-23 12:22 - 2014-03-06 08:09 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-04-23 12:22 - 2014-03-06 08:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-04-23 12:22 - 2014-03-06 08:05 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-04-23 12:22 - 2014-03-06 08:04 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-04-23 12:22 - 2014-03-06 08:04 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-04-23 12:22 - 2014-03-06 08:01 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-04-23 12:22 - 2014-03-06 07:54 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-04-23 12:22 - 2014-03-06 07:54 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-04-23 12:22 - 2014-03-06 07:51 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-04-23 12:22 - 2014-03-06 07:47 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-04-23 12:22 - 2014-03-06 07:42 - 01129472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-04-23 12:22 - 2014-03-06 07:42 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-04-23 12:22 - 2014-03-06 07:33 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-04-23 12:22 - 2014-03-04 14:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-04-23 12:22 - 2014-03-04 14:14 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-04-23 12:22 - 2014-03-04 13:10 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-04-23 12:22 - 2014-03-04 09:16 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-04-23 12:22 - 2014-03-04 09:13 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-04-23 12:22 - 2014-03-04 09:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-04-23 12:22 - 2014-03-04 09:00 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-04-23 12:22 - 2014-03-04 08:56 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-04-23 12:22 - 2014-03-04 08:50 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-04-23 12:22 - 2014-03-04 08:42 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-04-23 12:22 - 2014-03-04 08:39 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-04-23 12:22 - 2014-03-04 08:32 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-04-23 12:22 - 2014-03-04 08:15 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-04-23 12:22 - 2014-03-04 08:05 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-04-23 12:22 - 2014-03-04 08:03 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-04-23 12:22 - 2014-03-04 08:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-04-23 12:22 - 2014-03-04 07:54 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-04-23 12:22 - 2014-03-04 07:52 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-04-23 12:22 - 2014-02-26 08:29 - 02678784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-04-23 12:22 - 2014-02-07 00:59 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-04-23 12:22 - 2014-02-06 23:26 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-04-23 12:22 - 2013-12-24 01:28 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-04-23 12:22 - 2013-12-24 01:26 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-04-23 12:20 - 2014-02-22 17:55 - 01435304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2014-04-23 12:20 - 2014-02-22 17:53 - 03394384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-04-23 12:20 - 2014-02-22 17:48 - 02574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-04-23 12:20 - 2014-02-22 17:46 - 01927600 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-04-23 12:20 - 2014-02-22 17:46 - 01445616 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2014-04-23 12:20 - 2014-02-22 17:44 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-04-23 12:20 - 2014-02-22 17:41 - 02142976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-04-23 12:20 - 2014-02-22 16:38 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-04-23 12:20 - 2014-02-22 16:04 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-04-23 12:20 - 2014-02-22 14:15 - 04192768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-04-23 12:20 - 2014-02-22 14:08 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OobeFldr.dll
2014-04-23 12:20 - 2014-02-22 13:44 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-23 12:20 - 2014-02-22 13:17 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-04-23 12:20 - 2014-02-22 13:17 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OobeFldr.dll
2014-04-23 12:20 - 2014-02-22 13:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-04-23 12:20 - 2014-02-22 13:00 - 05784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-04-23 12:20 - 2014-02-22 12:44 - 02178048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-04-23 12:20 - 2014-02-22 12:36 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-04-23 12:20 - 2014-02-22 12:34 - 11742720 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2014-04-23 12:20 - 2014-02-22 12:33 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-04-23 12:20 - 2014-02-22 12:18 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-04-23 12:20 - 2014-02-22 12:06 - 02943488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-04-23 12:20 - 2014-02-22 12:02 - 08946688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2014-04-23 12:20 - 2014-02-22 12:00 - 02043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-04-23 12:20 - 2014-02-22 11:52 - 01132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2014-04-23 12:20 - 2014-02-22 11:47 - 01192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2014-04-23 12:20 - 2014-02-22 11:39 - 13551104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-23 12:20 - 2014-02-22 11:33 - 11745792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-04-23 12:20 - 2014-02-22 11:33 - 01967104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-04-23 12:20 - 2014-02-22 11:28 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2014-04-23 12:20 - 2014-02-22 11:23 - 03494912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2014-04-23 12:20 - 2014-02-22 11:23 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-04-23 12:20 - 2014-02-22 11:23 - 01576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2014-04-23 12:20 - 2014-02-22 11:16 - 11776000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2014-04-23 12:20 - 2014-02-22 11:13 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2014-04-23 12:20 - 2014-02-22 11:11 - 02262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-23 12:20 - 2014-02-22 11:01 - 13933568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2014-04-23 12:20 - 2014-02-22 10:53 - 12027904 _____ (Microsoft Corporation)

DiabolusXXX 20.05.2014 16:00
Code:

C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-04-23 12:20 - 2014-02-22 10:49 - 08874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-04-23 12:20 - 2014-02-22 10:49 - 01400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-23 12:20 - 2014-02-22 10:40 - 02368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2014-04-23 12:20 - 2014-02-22 10:38 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-04-23 12:20 - 2014-02-22 10:37 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2014-04-23 12:20 - 2014-02-22 10:35 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-04-23 12:20 - 2014-02-22 10:34 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-04-23 12:20 - 2014-02-22 10:32 - 01789440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-04-23 12:20 - 2014-02-22 10:27 - 01143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-04-23 12:20 - 2014-02-08 03:08 - 00139600 _____ () C:\WINDOWS\system32\systemsf.ebd
2014-04-23 12:19 - 2014-02-22 18:59 - 01519520 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 01290688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 00526304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 00461176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-04-23 12:19 - 2014-02-22 18:59 - 00407536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 00289752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 00209160 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll
2014-04-23 12:19 - 2014-02-22 18:59 - 00139464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2014-04-23 12:19 - 2014-02-22 18:59 - 00123448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-04-23 12:19 - 2014-02-22 18:15 - 01929608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2014-04-23 12:19 - 2014-02-22 18:15 - 01206000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2014-04-23 12:19 - 2014-02-22 18:15 - 00531128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2014-04-23 12:19 - 2014-02-22 18:15 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\system32\powrprof.dll
2014-04-23 12:19 - 2014-02-22 18:15 - 00188464 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2014-04-23 12:19 - 2014-02-22 18:02 - 00170952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2014-04-23 12:19 - 2014-02-22 18:02 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
2014-04-23 12:19 - 2014-02-22 18:02 - 00080048 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
2014-04-23 12:19 - 2014-02-22 18:00 - 00590168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-04-23 12:19 - 2014-02-22 18:00 - 00249688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2014-04-23 12:19 - 2014-02-22 18:00 - 00236888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-04-23 12:19 - 2014-02-22 18:00 - 00151384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-04-23 12:19 - 2014-02-22 18:00 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2014-04-23 12:19 - 2014-02-22 17:59 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-04-23 12:19 - 2014-02-22 17:55 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-04-23 12:19 - 2014-02-22 17:55 - 00244848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2014-04-23 12:19 - 2014-02-22 17:55 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2014-04-23 12:19 - 2014-02-22 17:55 - 00105864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-04-23 12:19 - 2014-02-22 17:50 - 02588168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-04-23 12:19 - 2014-02-22 17:50 - 00761792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2014-04-23 12:19 - 2014-02-22 17:50 - 00645104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-04-23 12:19 - 2014-02-22 17:50 - 00258784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-04-23 12:19 - 2014-02-22 17:50 - 00043408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2014-04-23 12:19 - 2014-02-22 17:49 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-04-23 12:19 - 2014-02-22 17:49 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-04-23 12:19 - 2014-02-22 17:49 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-04-23 12:19 - 2014-02-22 17:49 - 00280920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-04-23 12:19 - 2014-02-22 17:49 - 00148824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-04-23 12:19 - 2014-02-22 17:49 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-04-23 12:19 - 2014-02-22 17:48 - 01791752 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2014-04-23 12:19 - 2014-02-22 17:48 - 00210736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-04-23 12:19 - 2014-02-22 17:46 - 01000424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2014-04-23 12:19 - 2014-02-22 17:46 - 00669896 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2014-04-23 12:19 - 2014-02-22 17:44 - 00924504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2014-04-23 12:19 - 2014-02-22 17:44 - 00539992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2014-04-23 12:19 - 2014-02-22 17:44 - 00424280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-04-23 12:19 - 2014-02-22 17:44 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-04-23 12:19 - 2014-02-22 17:43 - 01727760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-04-23 12:19 - 2014-02-22 17:43 - 01659056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-04-23 12:19 - 2014-02-22 17:43 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-04-23 12:19 - 2014-02-22 17:43 - 01487520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-04-23 12:19 - 2014-02-22 17:43 - 01356360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-04-23 12:19 - 2014-02-22 17:43 - 00142576 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2014-04-23 12:19 - 2014-02-22 17:41 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 01215832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00800552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00609456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00391008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00372360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2014-04-23 12:19 - 2014-02-22 17:41 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-04-23 12:19 - 2014-02-22 17:40 - 01118552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-04-23 12:19 - 2014-02-22 16:52 - 01767440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2014-04-23 12:19 - 2014-02-22 16:51 - 01063976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2014-04-23 12:19 - 2014-02-22 16:51 - 00140456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2014-04-23 12:19 - 2014-02-22 16:42 - 01017936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2014-04-23 12:19 - 2014-02-22 16:42 - 00422968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2014-04-23 12:19 - 2014-02-22 16:42 - 00410568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-04-23 12:19 - 2014-02-22 16:42 - 00369288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-04-23 12:19 - 2014-02-22 16:42 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2014-04-23 12:19 - 2014-02-22 16:42 - 00098072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-04-23 12:19 - 2014-02-22 16:38 - 01077944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2014-04-23 12:19 - 2014-02-22 16:38 - 00506120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2014-04-23 12:19 - 2014-02-22 16:38 - 00336232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-04-23 12:19 - 2014-02-22 16:38 - 00089848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-04-23 12:19 - 2014-02-22 16:25 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-04-23 12:19 - 2014-02-22 16:25 - 00180240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-04-23 12:19 - 2014-02-22 16:18 - 00477744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-04-23 12:19 - 2014-02-22 16:18 - 00041320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2014-04-23 12:19 - 2014-02-22 16:11 - 00490136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2014-04-23 12:19 - 2014-02-22 16:08 - 01474104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 01206000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 01011280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00650736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00317584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2014-04-23 12:19 - 2014-02-22 16:04 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-04-23 12:19 - 2014-02-22 14:24 - 02825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2014-04-23 12:19 - 2014-02-22 14:22 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-04-23 12:19 - 2014-02-22 14:20 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2014-04-23 12:19 - 2014-02-22 14:14 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-04-23 12:19 - 2014-02-22 14:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2014-04-23 12:19 - 2014-02-22 14:11 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-04-23 12:19 - 2014-02-22 14:09 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2014-04-23 12:19 - 2014-02-22 14:07 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2014-04-23 12:19 - 2014-02-22 14:07 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofUtil.dll
2014-04-23 12:19 - 2014-02-22 14:07 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\clrhost.dll
2014-04-23 12:19 - 2014-02-22 14:02 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aelupsvc.dll
2014-04-23 12:19 - 2014-02-22 13:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2014-04-23 12:19 - 2014-02-22 13:54 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2014-04-23 12:19 - 2014-02-22 13:50 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2014-04-23 12:19 - 2014-02-22 13:47 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2014-04-23 12:19 - 2014-02-22 13:46 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-04-23 12:19 - 2014-02-22 13:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-04-23 12:19 - 2014-02-22 13:41 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2014-04-23 12:19 - 2014-02-22 13:34 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskmgr.dll
2014-04-23 12:19 - 2014-02-22 13:30 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-04-23 12:19 - 2014-02-22 13:28 - 02428928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2014-04-23 12:19 - 2014-02-22 13:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\recimg.exe
2014-04-23 12:19 - 2014-02-22 13:25 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-04-23 12:19 - 2014-02-22 13:16 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2014-04-23 12:19 - 2014-02-22 13:16 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clrhost.dll
2014-04-23 12:19 - 2014-02-22 13:15 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll
2014-04-23 12:19 - 2014-02-22 13:06 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2014-04-23 12:19 - 2014-02-22 13:05 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2014-04-23 12:19 - 2014-02-22 13:05 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2014-04-23 12:19 - 2014-02-22 13:01 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2014-04-23 12:19 - 2014-02-22 13:00 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-04-23 12:19 - 2014-02-22 12:58 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-04-23 12:19 - 2014-02-22 12:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-04-23 12:19 - 2014-02-22 12:56 - 02862592 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2014-04-23 12:19 - 2014-02-22 12:56 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2014-04-23 12:19 - 2014-02-22 12:54 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-04-23 12:19 - 2014-02-22 12:52 - 02288640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2014-04-23 12:19 - 2014-02-22 12:47 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe
2014-04-23 12:19 - 2014-02-22 12:41 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-04-23 12:19 - 2014-02-22 12:41 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2014-04-23 12:19 - 2014-02-22 12:41 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netid.dll
2014-04-23 12:19 - 2014-02-22 12:40 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-04-23 12:19 - 2014-02-22 12:39 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-04-23 12:19 - 2014-02-22 12:38 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll
2014-04-23 12:19 - 2014-02-22 12:37 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2014-04-23 12:19 - 2014-02-22 12:36 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2014-04-23 12:19 - 2014-02-22 12:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-04-23 12:19 - 2014-02-22 12:27 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2014-04-23 12:19 - 2014-02-22 12:25 - 01428480 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2014-04-23 12:19 - 2014-02-22 12:22 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-04-23 12:19 - 2014-02-22 12:18 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2014-04-23 12:19 - 2014-02-22 12:18 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2014-04-23 12:19 - 2014-02-22 12:17 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2014-04-23 12:19 - 2014-02-22 12:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2014-04-23 12:19 - 2014-02-22 12:14 - 02811392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2014-04-23 12:19 - 2014-02-22 12:14 - 02165760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2014-04-23 12:19 - 2014-02-22 12:14 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2014-04-23 12:19 - 2014-02-22 12:13 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2014-04-23 12:19 - 2014-02-22 12:12 - 00797696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PurchaseWindowsLicense.dll
2014-04-23 12:19 - 2014-02-22 12:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2014-04-23 12:19 - 2014-02-22 12:09 - 01224192 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2014-04-23 12:19 - 2014-02-22 12:09 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-23 12:19 - 2014-02-22 12:08 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-04-23 12:19 - 2014-02-22 12:05 - 01757184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-04-23 12:19 - 2014-02-22 12:04 - 00935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2014-04-23 12:19 - 2014-02-22 12:04 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2014-04-23 12:19 - 2014-02-22 12:03 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-04-23 12:19 - 2014-02-22 12:02 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2014-04-23 12:19 - 2014-02-22 12:01 - 02648064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-04-23 12:19 - 2014-02-22 12:01 - 01227776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2014-04-23 12:19 - 2014-02-22 12:01 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-04-23 12:19 - 2014-02-22 12:01 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2014-04-23 12:19 - 2014-02-22 12:00 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2014-04-23 12:19 - 2014-02-22 11:59 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-04-23 12:19 - 2014-02-22 11:57 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-04-23 12:19 - 2014-02-22 11:55 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-04-23 12:19 - 2014-02-22 11:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2014-04-23 12:19 - 2014-02-22 11:53 - 00825344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2014-04-23 12:19 - 2014-02-22 11:48 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-04-23 12:19 - 2014-02-22 11:48 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-04-23 12:19 - 2014-02-22 11:46 - 00528896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-04-23 12:19 - 2014-02-22 11:45 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2014-04-23 12:19 - 2014-02-22 11:45 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2014-04-23 12:19 - 2014-02-22 11:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2014-04-23 12:19 - 2014-02-22 11:45 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-04-23 12:19 - 2014-02-22 11:44 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2014-04-23 12:19 - 2014-02-22 11:44 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-04-23 12:19 - 2014-02-22 11:43 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2014-04-23 12:19 - 2014-02-22 11:40 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-04-23 12:19 - 2014-02-22 11:38 - 00753664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2014-04-23 12:19 - 2014-02-22 11:37 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-04-23 12:19 - 2014-02-22 11:36 - 01392640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-04-23 12:19 - 2014-02-22 11:36 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2014-04-23 12:19 - 2014-02-22 11:35 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2014-04-23 12:19 - 2014-02-22 11:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2014-04-23 12:19 - 2014-02-22 11:34 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2014-04-23 12:19 - 2014-02-22 11:34 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2014-04-23 12:19 - 2014-02-22 11:33 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2014-04-23 12:19 - 2014-02-22 11:32 - 01162752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2014-04-23 12:19 - 2014-02-22 11:31 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-04-23 12:19 - 2014-02-22 11:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2014-04-23 12:19 - 2014-02-22 11:26 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2014-04-23 12:19 - 2014-02-22 11:26 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 00399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2014-04-23 12:19 - 2014-02-22 11:25 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2014-04-23 12:19 - 2014-02-22 11:24 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2014-04-23 12:19 - 2014-02-22 11:23 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2014-04-23 12:19 - 2014-02-22 11:23 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-04-23 12:19 - 2014-02-22 11:21 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-04-23 12:19 - 2014-02-22 11:18 - 00619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2014-04-23 12:19 - 2014-02-22 11:15 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2014-04-23 12:19 - 2014-02-22 11:14 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2014-04-23 12:19 - 2014-02-22 11:14 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2014-04-23 12:19 - 2014-02-22 11:12 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2014-04-23 12:19 - 2014-02-22 11:11 - 02395136 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-04-23 12:19 - 2014-02-22 11:11 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2014-04-23 12:19 - 2014-02-22 11:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-04-23 12:19 - 2014-02-22 11:10 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-04-23 12:19 - 2014-02-22 11:09 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2014-04-23 12:19 - 2014-02-22 11:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2014-04-23 12:19 - 2014-02-22 11:07 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-04-23 12:19 - 2014-02-22 11:07 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2014-04-23 12:19 - 2014-02-22 11:06 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-04-23 12:19 - 2014-02-22 11:04 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\perftrack.dll
2014-04-23 12:19 - 2014-02-22 11:04 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-04-23 12:19 - 2014-02-22 11:02 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2014-04-23 12:19 - 2014-02-22 11:00 - 01341440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2014-04-23 12:19 - 2014-02-22 11:00 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2014-04-23 12:19 - 2014-02-22 10:59 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RacEngn.dll
2014-04-23 12:19 - 2014-02-22 10:59 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-04-23 12:19 - 2014-02-22 10:59 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-04-23 12:19 - 2014-02-22 10:59 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-04-23 12:19 - 2014-02-22 10:55 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2014-04-23 12:19 - 2014-02-22 10:54 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-04-23 12:19 - 2014-02-22 10:54 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2014-04-23 12:19 - 2014-02-22 10:54 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2014-04-23 12:19 - 2014-02-22 10:54 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2014-04-23 12:19 - 2014-02-22 10:53 - 00876544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-04-23 12:19 - 2014-02-22 10:52 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-04-23 12:19 - 2014-02-22 10:52 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-04-23 12:19 - 2014-02-22 10:51 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RacEngn.dll
2014-04-23 12:19 - 2014-02-22 10:51 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2014-04-23 12:19 - 2014-02-22 10:51 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2014-04-23 12:19 - 2014-02-22 10:49 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2014-04-23 12:19 - 2014-02-22 10:48 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-04-23 12:19 - 2014-02-22 10:48 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2014-04-23 12:19 - 2014-02-22 10:47 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2014-04-23 12:19 - 2014-02-22 10:47 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-04-23 12:19 - 2014-02-22 10:47 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-04-23 12:19 - 2014-02-22 10:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AltTab.dll
2014-04-23 12:19 - 2014-02-22 10:45 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2014-04-23 12:19 - 2014-02-22 10:45 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-04-23 12:19 - 2014-02-22 10:44 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-04-23 12:19 - 2014-02-22 10:44 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2014-04-23 12:19 - 2014-02-22 10:44 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-04-23 12:19 - 2014-02-22 10:43 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2014-04-23 12:19 - 2014-02-22 10:43 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2014-04-23 12:19 - 2014-02-22 10:43 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-04-23 12:19 - 2014-02-22 10:43 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2014-04-23 12:19 - 2014-02-22 10:42 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2014-04-23 12:19 - 2014-02-22 10:42 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2014-04-23 12:19 - 2014-02-22 10:42 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-04-23 12:19 - 2014-02-22 10:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2014-04-23 12:19 - 2014-02-22 10:40 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-04-23 12:19 - 2014-02-22 10:39 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2014-04-23 12:19 - 2014-02-22 10:38 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-04-23 12:19 - 2014-02-22 10:37 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2014-04-23 12:19 - 2014-02-22 10:36 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2014-04-23 12:19 - 2014-02-22 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-04-23 12:19 - 2014-02-22 10:33 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2014-04-23 12:19 - 2014-02-22 10:31 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-04-23 12:19 - 2014-02-22 10:29 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2014-04-23 12:19 - 2014-02-22 10:24 - 02760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-04-23 12:19 - 2014-02-22 10:24 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmIndexer.dll
2014-04-23 12:19 - 2014-02-22 10:22 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-04-23 12:19 - 2014-02-22 10:22 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-04-23 12:19 - 2014-02-22 10:21 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-04-23 12:19 - 2014-02-22 10:21 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmIndexer.dll
2014-04-23 12:19 - 2014-02-22 10:18 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-04-23 12:19 - 2014-02-22 10:17 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-04-23 12:19 - 2014-02-22 10:06 - 01640960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2014-04-23 12:19 - 2014-02-22 10:04 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-04-23 12:19 - 2014-02-22 10:03 - 01496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2014-04-23 12:19 - 2014-02-22 10:01 - 00978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-04-23 12:19 - 2014-02-22 10:01 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2014-04-23 12:19 - 2014-02-22 10:00 - 00514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2014-04-23 12:19 - 2014-02-22 06:33 - 00262335 _____ () C:\WINDOWS\system32\dfpinc.dat
2014-04-23 12:19 - 2014-02-02 16:48 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-04-23 12:19 - 2014-02-02 15:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-04-23 12:19 - 2014-01-31 11:55 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2014-04-23 12:19 - 2014-01-31 11:35 - 03085824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2014-04-23 12:19 - 2014-01-31 11:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-04-23 12:19 - 2014-01-31 11:10 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2014-04-23 12:19 - 2014-01-31 10:18 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-04-23 12:19 - 2014-01-29 10:53 - 01653352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-04-23 12:19 - 2014-01-29 10:52 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-04-23 12:19 - 2014-01-29 09:44 - 01369736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-04-23 12:19 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2014-04-23 12:19 - 2014-01-29 02:17 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2014-04-23 12:19 - 2014-01-27 19:04 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-04-23 12:19 - 2014-01-27 17:38 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-04-23 12:19 - 2014-01-17 19:24 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2014-04-23 12:19 - 2014-01-17 19:04 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2014-04-23 12:19 - 2014-01-08 03:30 - 00745328 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-04-23 12:19 - 2014-01-08 02:33 - 00552632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-04-23 12:19 - 2013-12-10 09:35 - 00530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2014-04-23 12:19 - 2013-12-04 17:54 - 00660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-04-23 12:19 - 2013-12-04 17:16 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-04-23 12:19 - 2013-12-04 15:53 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-04-23 12:19 - 2013-11-11 01:41 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2014-04-23 12:18 - 2014-02-22 18:58 - 00036200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2014-04-23 12:18 - 2014-02-22 18:15 - 00071888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2014-04-23 12:18 - 2014-02-22 17:59 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2014-04-23 12:18 - 2014-02-22 17:55 - 00162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2014-04-23 12:18 - 2014-02-22 17:55 - 00131168 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-04-23 12:18 - 2014-02-22 17:50 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2014-04-23 12:18 - 2014-02-22 17:50 - 00054816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-04-23 12:18 - 2014-02-22 17:50 - 00032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2014-04-23 12:18 - 2014-02-22 17:49 - 00189784 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2014-04-23 12:18 - 2014-02-22 17:49 - 00079192 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2014-04-23 12:18 - 2014-02-22 17:43 - 00094560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2014-04-23 12:18 - 2014-02-22 17:41 - 00028416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-04-23 12:18 - 2014-02-22 16:52 - 00251504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powrprof.dll
2014-04-23 12:18 - 2014-02-22 16:42 - 00137344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2014-04-23 12:18 - 2014-02-22 16:41 - 00033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2014-04-23 12:18 - 2014-02-22 16:18 - 00089848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2014-04-23 12:18 - 2014-02-22 16:18 - 00029912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2014-04-23 12:18 - 2014-02-22 16:08 - 00079496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2014-04-23 12:18 - 2014-02-22 14:20 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-power-events.dll
2014-04-23 12:18 - 2014-02-22 14:17 - 00902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2014-04-23 12:18 - 2014-02-22 14:17 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2014-04-23 12:18 - 2014-02-22 14:17 - 00874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2014-04-23 12:18 - 2014-02-22 14:17 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\f3ahvoas.dll
2014-04-23 12:18 - 2014-02-22 14:17 - 00008192 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-private-l1-1-1.dll
2014-04-23 12:18 - 2014-02-22 14:17 - 00005632 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-session-winsta-l1-1-0.dll
2014-04-23 12:18 - 2014-02-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-private-l1-1-0.dll
2014-04-23 12:18 - 2014-02-22 14:17 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-kernel32-package-l1-1-1.dll
2014-04-23 12:18 - 2014-02-22 14:14 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys
2014-04-23 12:18 - 2014-02-22 14:14 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2014-04-23 12:18 - 2014-02-22 14:08 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncui.dll
2014-04-23 12:18 - 2014-02-22 14:08 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2014-04-23 12:18 - 2014-02-22 14:08 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2014-04-23 12:18 - 2014-02-22 14:08 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2014-04-23 12:18 - 2014-02-22 14:08 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2014-04-23 12:18 - 2014-02-22 14:07 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2014-04-23 12:18 - 2014-02-22 14:06 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-04-23 12:18 - 2014-02-22 14:04 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2014-04-23 12:18 - 2014-02-22 14:03 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2014-04-23 12:18 - 2014-02-22 14:03 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2014-04-23 12:18 - 2014-02-22 14:01 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\spcompat.dll
2014-04-23 12:18 - 2014-02-22 14:00 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2014-04-23 12:18 - 2014-02-22 14:00 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2014-04-23 12:18 - 2014-02-22 13:59 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgrade.exe
2014-04-23 12:18 - 2014-02-22 13:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-04-23 12:18 - 2014-02-22 13:50 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2014-04-23 12:18 - 2014-02-22 13:48 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ocsetapi.dll
2014-04-23 12:18 - 2014-02-22 13:47 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsdyn.dll
2014-04-23 12:18 - 2014-02-22 13:47 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2014-04-23 12:18 - 2014-02-22 13:45 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2014-04-23 12:18 - 2014-02-22 13:45 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
2014-04-23 12:18 - 2014-02-22 13:42 - 00038680 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2014-04-23 12:18 - 2014-02-22 13:39 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
2014-04-23 12:18 - 2014-02-22 13:37 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe
2014-04-23 12:18 - 2014-02-22 13:32 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2014-04-23 12:18 - 2014-02-22 13:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2014-04-23 12:18 - 2014-02-22 13:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2014-04-23 12:18 - 2014-02-22 13:25 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2014-04-23 12:18 - 2014-02-22 13:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\f3ahvoas.dll
2014-04-23 12:18 - 2014-02-22 13:25 - 00008192 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll
2014-04-23 12:18 - 2014-02-22 13:25 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll
2014-04-23 12:18 - 2014-02-22 13:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2014-04-23 12:18 - 2014-02-22 13:24 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2014-04-23 12:18 - 2014-02-22 13:24 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2014-04-23 12:18 - 2014-02-22 13:24 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SSShim.dll
2014-04-23 12:18 - 2014-02-22 13:24 - 00005632 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll
2014-04-23 12:18 - 2014-02-22 13:24 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll
2014-04-23 12:18 - 2014-02-22 13:24 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll
2014-04-23 12:18 - 2014-02-22 13:22 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-04-23 12:18 - 2014-02-22 13:22 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-04-23 12:18 - 2014-02-22 13:17 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2014-04-23 12:18 - 2014-02-22 13:17 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-04-23 12:18 - 2014-02-22 13:16 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-04-23 12:18 - 2014-02-22 13:16 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2014-04-23 12:18 - 2014-02-22 13:16 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2014-04-23 12:18 - 2014-02-22 13:16 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2014-04-23 12:18 - 2014-02-22 13:14 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cleanmgr.exe
2014-04-23 12:18 - 2014-02-22 13:13 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2014-04-23 12:18 - 2014-02-22 13:11 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2014-04-23 12:18 - 2014-02-22 13:09 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2014-04-23 12:18 - 2014-02-22 13:08 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2014-04-23 12:18 - 2014-02-22 13:08 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2014-04-23 12:18 - 2014-02-22 13:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\scavengeui.dll
2014-04-23 12:18 - 2014-02-22 13:07 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2014-04-23 12:18 - 2014-02-22 13:07 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-04-23 12:18 - 2014-02-22 13:05 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2014-04-23 12:18 - 2014-02-22 13:05 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentHost.dll
2014-04-23 12:18 - 2014-02-22 13:04 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2014-04-23 12:18 - 2014-02-22 13:03 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-04-23 12:18 - 2014-02-22 13:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2014-04-23 12:18 - 2014-02-22 13:02 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2014-04-23 12:18 - 2014-02-22 12:59 - 01283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2014-04-23 12:18 - 2014-02-22 12:59 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2014-04-23 12:18 - 2014-02-22 12:59 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ocsetapi.dll
2014-04-23 12:18 - 2014-02-22 12:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-04-23 12:18 - 2014-02-22 12:58 - 00610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2014-04-23 12:18 - 2014-02-22 12:58 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAConn.dll
2014-04-23 12:18 - 2014-02-22 12:57 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2014-04-23 12:18 - 2014-02-22 12:56 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-04-23 12:18 - 2014-02-22 12:56 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2014-04-23 12:18 - 2014-02-22 12:55 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2014-04-23 12:18 - 2014-02-22 12:55 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2014-04-23 12:18 - 2014-02-22 12:53 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PkgMgr.exe
2014-04-23 12:18 - 2014-02-22 12:52 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2014-04-23 12:18 - 2014-02-22 12:51 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2014-04-23 12:18 - 2014-02-22 12:50 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe
2014-04-23 12:18 - 2014-02-22 12:47 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmdskmgr.dll
2014-04-23 12:18 - 2014-02-22 12:47 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2014-04-23 12:18 - 2014-02-22 12:47 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2014-04-23 12:18 - 2014-02-22 12:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-04-23 12:18 - 2014-02-22 12:46 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2014-04-23 12:18 - 2014-02-22 12:41 - 02566656 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2014-04-23 12:18 - 2014-02-22 12:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-04-23 12:18 - 2014-02-22 12:36 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-04-23 12:18 - 2014-02-22 12:35 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2014-04-23 12:18 - 2014-02-22 12:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitagent.exe
2014-04-23 12:18 - 2014-02-22 12:34 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeResults.exe
2014-04-23 12:18 - 2014-02-22 12:33 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2014-04-23 12:18 - 2014-02-22 12:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2014-04-23 12:18 - 2014-02-22 12:30 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cleanmgr.exe
2014-04-23 12:18 - 2014-02-22 12:29 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-04-23 12:18 - 2014-02-22 12:28 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-04-23 12:18 - 2014-02-22 12:27 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-04-23 12:18 - 2014-02-22 12:25 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2014-04-23 12:18 - 2014-02-22 12:21 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2014-04-23 12:18 - 2014-02-22 12:21 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-04-23 12:18 - 2014-02-22 12:21 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2014-04-23 12:18 - 2014-02-22 12:20 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2014-04-23 12:18 - 2014-02-22 12:17 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-04-23 12:18 - 2014-02-22 12:17 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2014-04-23 12:18 - 2014-02-22 12:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2014-04-23 12:18 - 2014-02-22 12:16 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2014-04-23 12:18 - 2014-02-22 12:16 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2014-04-23 12:18 - 2014-02-22 12:13 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-04-23 12:18 - 2014-02-22 12:13 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2014-04-23 12:18 - 2014-02-22 12:12 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2014-04-23 12:18 - 2014-02-22 12:09 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2014-04-23 12:18 - 2014-02-22 12:09 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 12:18 - 2014-02-22 12:04 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netid.dll
2014-04-23 12:18 - 2014-02-22 12:03 - 02544128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2014-04-23 12:18 - 2014-02-22 11:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2014-04-23 12:18 - 2014-02-22 11:56 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2014-04-23 12:18 - 2014-02-22 11:54 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2014-04-23 12:18 - 2014-02-22 11:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-04-23 12:18 - 2014-02-22 11:54 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2014-04-23 12:18 - 2014-02-22 11:53 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-04-23 12:18 - 2014-02-22 11:53 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-04-23 12:18 - 2014-02-22 11:52 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2014-04-23 12:18 - 2014-02-22 11:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2014-04-23 12:18 - 2014-02-22 11:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2014-04-23 12:18 - 2014-02-22 11:49 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2014-04-23 12:18 - 2014-02-22 11:48 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2014-04-23 12:18 - 2014-02-22 11:48 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2014-04-23 12:18 - 2014-02-22 11:46 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2014-04-23 12:18 - 2014-02-22 11:45 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2014-04-23 12:18 - 2014-02-22 11:44 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll
2014-04-23 12:18 - 2014-02-22 11:43 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll
2014-04-23 12:18 - 2014-02-22 11:41 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-04-23 12:18 - 2014-02-22 11:40 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2014-04-23 12:18 - 2014-02-22 11:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2014-04-23 12:18 - 2014-02-22 11:37 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-04-23 12:18 - 2014-02-22 11:36 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2014-04-23 12:18 - 2014-02-22 11:36 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WLanConn.dll
2014-04-23 12:18 - 2014-02-22 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2014-04-23 12:18 - 2014-02-22 11:29 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-04-23 12:18 - 2014-02-22 11:29 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2014-04-23 12:18 - 2014-02-22 11:28 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2014-04-23 12:18 - 2014-02-22 11:27 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-04-23 12:18 - 2014-02-22 11:27 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2014-04-23 12:18 - 2014-02-22 11:26 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-04-23 12:18 - 2014-02-22 11:26 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2014-04-23 12:18 - 2014-02-22 11:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2014-04-23 12:18 - 2014-02-22 11:23 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2014-04-23 12:18 - 2014-02-22 11:23 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2014-04-23 12:18 - 2014-02-22 11:22 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2014-04-23 12:18 - 2014-02-22 11:22 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2014-04-23 12:18 - 2014-02-22 11:19 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll
2014-04-23 12:18 - 2014-02-22 11:19 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-04-23 12:18 - 2014-02-22 11:19 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
2014-04-23 12:18 - 2014-02-22 11:16 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxshared.dll
2014-04-23 12:18 - 2014-02-22 11:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-23 12:18 - 2014-02-22 11:07 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2014-04-23 12:18 - 2014-02-22 11:06 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2014-04-23 12:18 - 2014-02-22 11:04 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\slpts.dll
2014-04-23 12:18 - 2014-02-22 11:02 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2014-04-23 12:18 - 2014-02-22 11:02 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-04-23 12:18 - 2014-02-22 10:59 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-04-23 12:18 - 2014-02-22 10:58 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-04-23 12:18 - 2014-02-22 10:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-04-23 12:18 - 2014-02-22 10:55 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConfigureExpandedStorage.dll
2014-04-23 12:18 - 2014-02-22 10:55 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2014-04-23 12:18 - 2014-02-22 10:55 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\energytask.dll
2014-04-23 12:18 - 2014-02-22 10:55 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slpts.dll
2014-04-23 12:18 - 2014-02-22 10:55 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2014-04-23 12:18 - 2014-02-22 10:54 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2014-04-23 12:18 - 2014-02-22 10:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AepRoam.dll
2014-04-23 12:18 - 2014-02-22 10:51 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2014-04-23 12:18 - 2014-02-22 10:49 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-04-23 12:18 - 2014-02-22 10:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2014-04-23 12:18 - 2014-02-22 10:48 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2014-04-23 12:18 - 2014-02-22 10:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2014-04-23 12:18 - 2014-02-22 10:48 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2014-04-23 12:18 - 2014-02-22 10:47 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2014-04-23 12:18 - 2014-02-22 10:46 - 03312128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2014-04-23 12:18 - 2014-02-22 10:45 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2014-04-23 12:18 - 2014-02-22 10:45 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2014-04-23 12:18 - 2014-02-22 10:44 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\provsvc.dll
2014-04-23 12:18 - 2014-02-22 10:44 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2014-04-23 12:18 - 2014-02-22 10:43 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2014-04-23 12:18 - 2014-02-22 10:43 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Renewal.dll
2014-04-23 12:18 - 2014-02-22 10:40 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2014-04-23 12:18 - 2014-02-22 10:39 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2014-04-23 12:18 - 2014-02-22 10:39 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provsvc.dll
2014-04-23 12:18 - 2014-02-22 10:39 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2014-04-23 12:18 - 2014-02-22 10:38 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2014-04-23 12:18 - 2014-02-22 10:35 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2014-04-23 12:18 - 2014-02-22 10:33 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2014-04-23 12:18 - 2014-02-22 10:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2014-04-23 12:18 - 2014-02-22 10:30 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2014-04-23 12:18 - 2014-02-22 10:24 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2014-04-23 12:18 - 2014-02-22 10:22 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2014-04-23 12:18 - 2014-02-22 10:20 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2014-04-23 12:18 - 2014-02-22 10:20 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2014-04-23 12:18 - 2014-02-22 10:19 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2014-04-23 12:18 - 2014-02-22 10:17 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2014-04-23 12:18 - 2014-02-22 10:17 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2014-04-23 12:18 - 2014-02-22 09:54 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2014-04-23 12:18 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-04-23 12:18 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-04-23 12:18 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-04-23 12:18 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-04-23 12:18 - 2014-02-08 03:08 - 00100197 _____ () C:\WINDOWS\SysWOW64\RacRules.xml
2014-04-23 12:18 - 2014-02-08 03:08 - 00100197 _____ () C:\WINDOWS\system32\RacRules.xml
2014-04-23 12:18 - 2014-02-01 08:00 - 00011109 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00011109 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00007762 _____ () C:\WINDOWS\SysWOW64\connectedsearch-suggestions.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00007762 _____ () C:\WINDOWS\system32\connectedsearch-suggestions.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00007130 _____ () C:\WINDOWS\SysWOW64\connectedsearch-zeroinput.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00007130 _____ () C:\WINDOWS\system32\connectedsearch-zeroinput.searchconnector-ms
2014-04-23 12:18 - 2014-02-01 08:00 - 00002255 _____ () C:\WINDOWS\SysWOW64\WimBootCompress.ini
2014-04-23 12:18 - 2014-02-01 08:00 - 00002255 _____ () C:\WINDOWS\system32\WimBootCompress.ini
2014-04-23 12:18 - 2014-01-31 13:59 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-04-23 12:18 - 2014-01-31 13:11 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-04-23 12:18 - 2014-01-31 11:19 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2014-04-23 12:18 - 2014-01-31 11:08 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-04-23 12:18 - 2014-01-31 11:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2014-04-23 12:18 - 2014-01-31 10:24 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-04-23 12:18 - 2014-01-29 10:40 - 00994136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2014-04-23 12:18 - 2014-01-29 02:18 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2014-04-23 12:18 - 2014-01-27 21:53 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2014-04-23 12:18 - 2014-01-27 19:54 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-04-23 12:18 - 2014-01-27 13:45 - 00050053 _____ () C:\WINDOWS\system32\srms.dat
2014-04-23 12:18 - 2014-01-22 08:21 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2014-04-23 12:18 - 2014-01-22 07:50 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2014-04-23 12:18 - 2013-12-04 16:19 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-04-23 12:18 - 2013-11-27 11:47 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\finger.exe
2014-04-23 12:18 - 2013-11-27 11:20 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\finger.exe
2014-04-23 12:18 - 2013-11-27 11:10 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2014-04-23 12:18 - 2013-11-27 10:56 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2014-04-23 12:18 - 2013-11-08 06:04 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-04-23 12:18 - 2013-11-08 05:47 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-04-23 12:17 - 2014-02-22 06:43 - 00002440 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2014-04-23 11:11 - 2014-04-23 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2014-04-23 11:11 - 2014-04-23 11:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2014-04-23 11:11 - 2005-10-05 12:43 - 00266307 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartWebASP.dll
2014-04-23 11:11 - 2005-09-29 14:59 - 00221184 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartSock.dll
2014-04-23 11:11 - 2005-09-29 14:59 - 00147456 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartWeb.dll
2014-04-23 11:11 - 2005-09-29 14:59 - 00122880 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartWebUtil.dll
2014-04-23 11:11 - 2005-08-03 16:35 - 00507904 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\vsrpt8.ocx
2014-04-23 11:11 - 2005-07-22 13:03 - 00163840 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartSecure2.dll
2014-04-23 11:11 - 2005-07-22 13:02 - 00155648 _____ (Dart Communications) C:\WINDOWS\SysWOW64\DartCertificate.dll
2014-04-23 11:11 - 2004-09-17 12:28 - 01114112 _____ (ComponentOne LLC) C:\WINDOWS\SysWOW64\tdbl8.ocx
2014-04-23 11:11 - 2004-07-26 16:02 - 00192512 _____ (ComponentOne) C:\WINDOWS\SysWOW64\vsvport8.ocx
2014-04-23 11:11 - 2004-07-26 16:01 - 00417792 _____ (ComponentOne) C:\WINDOWS\SysWOW64\vsprint8.ocx
2014-04-23 11:11 - 2004-07-26 10:51 - 00311296 _____ (ComponenetOne) C:\WINDOWS\SysWOW64\c1sizer.ocx
2014-04-23 11:11 - 2003-11-10 16:32 - 00790528 _____ (Polar sales@polarsoftware.com www.polarsoftware.com) C:\WINDOWS\SysWOW64\polarcrypto.dll
2014-04-23 11:11 - 2002-02-27 15:24 - 00794304 _____ (Data Dynamics) C:\WINDOWS\SysWOW64\Actbar2.ocx
2014-04-23 11:11 - 2000-10-15 18:59 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL
2014-04-23 11:11 - 1999-09-28 21:42 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet35.dll
2014-04-23 11:11 - 1999-08-25 14:57 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl35.dll
2014-04-23 11:11 - 1998-04-23 23:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbar332.dll
2014-04-23 11:11 - 1998-04-23 23:00 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Msrd2x35.dll
2014-04-23 11:11 - 1998-04-23 23:00 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL
2014-04-23 11:09 - 2014-04-23 11:09 - 14155369 _____ () C:\Users\Tobias\Downloads\Setup.exe
2014-04-23 10:26 - 2014-04-23 10:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-04-23 10:26 - 2014-04-23 10:26 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

==================== One Month Modified Files and Folders =======

2014-05-20 16:39 - 2014-05-20 16:39 - 00030952 _____ () C:\Users\Tobias\Downloads\FRST.txt
2014-05-20 16:39 - 2014-05-20 16:39 - 00000000 ____D () C:\FRST
2014-05-20 16:37 - 2014-05-20 16:37 - 02067456 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe
2014-05-20 16:37 - 2013-10-26 09:14 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2C2A18A-3D72-423D-9A8B-1FB0AD81A039}
2014-05-20 16:33 - 2013-04-13 11:44 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-91668819-312498841-480008626-1001
2014-05-20 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-20 15:47 - 2013-12-22 14:23 - 00004208 _____ () C:\WINDOWS\System32\Tasks\Software Updater
2014-05-20 15:46 - 2013-09-30 06:14 - 02176356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-20 15:46 - 2013-09-30 05:56 - 00911022 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-20 15:46 - 2013-09-30 05:56 - 00218164 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-20 15:43 - 2014-05-20 15:28 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 15:43 - 2013-10-26 09:10 - 00000000 __RDO () C:\Users\Tobias\SkyDrive
2014-05-20 15:39 - 2013-09-29 21:04 - 00038932 _____ () C:\WINDOWS\PFRO.log
2014-05-20 15:39 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-20 15:38 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-20 15:28 - 2014-05-20 15:28 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-20 15:28 - 2014-05-20 15:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 15:27 - 2014-05-20 15:27 - 00961360 _____ (Chip Digital GmbH) C:\Users\Tobias\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-05-20 13:03 - 2013-04-21 10:02 - 00003162 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForTobias
2014-05-20 13:03 - 2013-04-21 10:02 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForTobias.job
2014-05-20 11:22 - 2013-10-26 08:08 - 01188624 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-20 11:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-20 11:04 - 2014-05-20 11:04 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Snz
2014-05-20 11:04 - 2014-03-06 16:53 - 00003102 _____ () C:\WINDOWS\System32\Tasks\Fifth
2014-05-20 11:04 - 2014-03-06 16:53 - 00003094 _____ () C:\WINDOWS\System32\Tasks\OMESupervisor
2014-05-20 11:04 - 2014-03-06 16:53 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Fifth
2014-05-20 11:04 - 2013-04-20 12:31 - 00000000 ____D () C:\Users\Tobias\Documents\Outlook-Dateien
2014-05-20 11:03 - 2014-05-20 11:03 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\SCheck
2014-05-20 11:03 - 2014-03-14 08:18 - 00002523 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-05-20 11:03 - 2014-03-14 08:18 - 00002071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-05-20 11:00 - 2013-04-10 20:18 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 11:00 - 2013-04-10 20:18 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-20 10:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-19 15:08 - 2014-05-19 14:51 - 00049664 _____ () C:\Users\Tobias\Desktop\Zusatzbeiträge Nachwuchs 04_06_2014.xls
2014-05-19 14:51 - 2014-03-31 15:20 - 00049664 _____ () C:\Users\Tobias\Desktop\Kopie von Zusatzbeiträge Nachwuchs 01_03_2014nmmmmmmmmmmmmmm.xls
2014-05-19 14:50 - 2014-05-19 14:50 - 00018250 _____ () C:\Users\Tobias\Desktop\Zusatzbeiträge Nachwuchs 04_06_2014.xlsx
2014-05-19 14:24 - 2014-05-19 14:24 - 00064512 _____ () C:\Users\Tobias\Desktop\Kopie von Gehälter Mai 2014.xls
2014-05-18 10:38 - 2013-04-16 20:35 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-05-18 10:37 - 2013-04-16 20:35 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 03:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-17 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-17 04:29 - 2013-04-13 13:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 04:27 - 2013-08-07 07:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 04:26 - 2013-04-16 21:11 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-16 14:20 - 2014-03-31 14:51 - 00029696 _____ () C:\Users\Tobias\Desktop\Vorlage ÜW Lohn und ÜLl.xls
2014-05-10 09:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-10 09:32 - 2014-05-10 09:31 - 00005524 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-10 09:32 - 2013-11-10 10:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-10 09:32 - 2013-05-20 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-08 16:43 - 2014-03-06 15:38 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Aquamarin Haushaltsbuch
2014-05-07 21:03 - 2014-05-07 21:03 - 00467120 _____ () C:\Users\Tobias\AppData\Local\omesuperv.exe
2014-05-06 06:40 - 2014-05-16 13:44 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-16 13:44 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-16 13:44 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 13:44 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 04:33 - 2014-05-03 04:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 04:33 - 2014-05-03 04:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 08:40 - 2014-05-01 08:40 - 00000000 __SHD () C:\Users\Tobias\AppData\Local\EmieUserList
2014-05-01 08:40 - 2014-05-01 08:40 - 00000000 __SHD () C:\Users\Tobias\AppData\Local\EmieSiteList
2014-05-01 08:36 - 2013-08-22 16:44 - 00436440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-04-27 12:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-04-27 12:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-04-27 12:08 - 2013-10-26 08:12 - 00000000 ___HD () C:\Users\Tobias
2014-04-23 11:11 - 2014-04-23 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\svnet
2014-04-23 11:11 - 2014-04-23 11:11 - 00000000 ____D () C:\Program Files (x86)\svnet
2014-04-23 11:09 - 2014-04-23 11:09 - 14155369 _____ () C:\Users\Tobias\Downloads\Setup.exe
2014-04-23 10:26 - 2014-04-23 10:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-04-23 10:26 - 2014-04-23 10:26 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-04-23 10:23 - 2014-04-23 10:23 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-04-23 10:23 - 2014-04-23 10:23 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-04-22 07:21 - 2013-08-22 16:46 - 00378284 _____ () C:\WINDOWS\setupact.log
2014-04-22 07:18 - 2013-04-21 10:10 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6988.dll


Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\sp64126.exe
C:\Users\Tobias\AppData\Local\Temp\tmp28B4.exe
C:\Users\Tobias\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Tobias\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 16:33

==================== End Of Log ============================

DiabolusXXX 20.05.2014 16:02
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Tobias at 2014-05-20 16:40:03
Running from C:\Users\Tobias\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Kindle For PC v1.0 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aquamarin Haushaltsbuch 2.9.2 b (HKLM-x32\...\{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1) (Version:  - makasy.com)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{55FB8585-9F5F-482E-BDE3-57F338C1DE97}) (Version: 3.0.15.182 - ArcSoft)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
B1315AppGuid (x32 Version: 1.0.0 - DATEV eG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buchhaltung  (HKLM-x32\...\{13CE6A18-2936-49E5-B10C-148A12C035DD}) (Version: 13.0.4500.0 - Buhl Data Service GmbH)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CrashPlan (HKLM\...\{CEDCEA9A-5F1E-48D7-898A-39D3D6B9AD70}) (Version: 3.5.3 - CrashPlan)
Crystal Reports Runtime XI (x32 Version: 1.0.9 - DATEV eG) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Infragistics Runtime V.3.2 (x32 Version: 3.2.0 - Infragistics, Inc.) Hidden
DATEV Installation V.3.2 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DATEV-SWM-Treiber-Installation (HKLM\...\{44121473-7f07-4b11-8531-bc2c3cf85fc8}.sdb) (Version:  - )
DATEV-SWM-Treiber-Installation _x64 (HKLM\...\{96d08687-10a0-4561-a630-c18dcf7d4b29}.sdb) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DFL2010 ConfigDB (HKLM-x32\...\{46B1F595-EFB2-4463-B302-312A2C7B70A6}) (Version: 4.35.4339.0 - DATEV eG)
DFL2010 Microkernel (HKLM-x32\...\{063DF19F-5FE9-43D3-A961-944ABD050A4C}) (Version: 4.35.4339.0 - DATEV eG)
Die Kluge Eule (HKCU\...\Die Kluge Eule) (Version:  - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM-x32\...\{1D081AB0-B1CC-11E0-80C0-005056B12123}) (Version: 11.07.19.8023 - Haufe)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Lexware buchhalter 2014 (x32 Version: 19.00.00.0091 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware buchhalter plus 2014 (HKLM-x32\...\{035827af-0859-42a8-b34d-35a06c2773d2}) (Version: 19.0.0.91 - Haufe-Lexware GmbH & Co.KG)
Lexware Datenbank plus 2012 (HKLM-x32\...\{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}) (Version: 12.00.00.0116 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG) Hidden
Lexware reisekosten plus 2012 (HKLM-x32\...\{BE672587-331F-42F7-BC38-D59759311C75}) (Version: 12.01.00.0137 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137 - ) Hidden
LG NASDetector (HKLM-x32\...\{81388290-5DFA-493E-83D6-244B652DE5AA}) (Version: 1.00.0000 - LG Electronics Inc.)
LG NASMonitor (HKLM-x32\...\{ED1A63BB-5646-4BF9-BD2F-7CDDFE24FE78}) (Version: 1.00.0000 - LG Electronics Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM-x32\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.24001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0031.1 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.26001 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.26000 - Nero AG)
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PIKO Master Control V2.0 v1.2.1.37334 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.1.37334 - KOSTAL Solar Electric GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Ritter Rost 1.0 (HKLM-x32\...\Ritter Rost) (Version: 1.0 - USM)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version:  - Samsung Electronics CO.,LTD)
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQLXML4 (HKLM\...\{DEA9F247-F832-4E36-90BF-D8EDA206521A}) (Version: 9.00.5000.00 - Microsoft Corporation)
sv.net (HKLM-x32\...\sv.net) (Version: 14.0 - ITSG GmbH)
TAXMAN 2010 (HKLM-x32\...\{5C5B0836-9648-4057-8044-2DF181E073E2}) (Version: 16.14.00.0002 - Haufe-Lexware GmbH & Co. KG)
TAXMAN 2011 (HKLM-x32\...\{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}) (Version: 17.08.00.0011 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2012 (HKLM-x32\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.10.00.0007 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2014 (HKLM-x32\...\{4A1C559D-38F6-49CF-BDA5-CF354FFE04E4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
TAXMAN Bibliothek 2011 (HKLM-x32\...\{3563500D-85F7-48AE-A91D-811E92BA49BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
TAXMAN Bibliothek 2012 (HKLM-x32\...\{DF344785-0900-471E-B9F5-6F28C89AF638}) (Version: 18.1.0.0 - Haufe-Lexware GmbH & Co. KG)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

17-05-2014 02:25:39 Windows Update
20-05-2014 13:23:51 Removed iWebcamera

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {319EAC76-C252-4C10-8336-D05BB182B9EC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E903762-FECF-43C3-A24D-3CDFCB6AC516} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {64F787D6-42C6-43D2-925A-F021BB30D94E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73823E06-F89F-4E3E-91CA-80C909892562} - System32\Tasks\HPCeeScheduleForTobias => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CE45500-1F11-4A88-AD6E-128B5464250B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {82607AF6-BD02-4E96-92E9-D84F01AD50EC} - System32\Tasks\OMESupervisor => C:\Users\Tobias\AppData\Local\omesuperv.exe [2014-05-07] () <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F82E24C-9255-47C0-8406-C13388567472} - System32\Tasks\DATEV eG\DATEV Update-Monitor => C:\DATEV\PROGRAMM\Install\DvInesASDMon.exe [2013-08-02] (DATEV eG)
Task: {8FDCCAE4-CFF9-4092-B6C3-15C6562D45C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {9C232387-0A1D-44D9-9A87-CECA0C723B78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3C8C131-F4AE-4D97-8A31-64722D21D147} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {A8B30FDB-A83A-4E39-892D-A08AAAEA2D77} - System32\Tasks\Freemium1ClickMaint => C:\WINDOWS\system32\1Click.exe
Task: {B85BF1B1-0959-47D9-88E2-D8EEEB66F4AF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C4622A2C-6B7F-4417-A4D4-11ED9F5E2E92} - System32\Tasks\Fifth => C:\Users\Tobias\AppData\Roaming\Fifth\Fifth.exe [2014-05-07] () <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D357C8E8-33B9-4624-A541-060BF4B74129} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D781EDC7-8DAC-46FC-88CB-9751C09159B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7ED702D-DEB9-4F43-834C-738F06B72D0F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-17] (Microsoft Corporation)
Task: {F7371B97-BA2F-4A46-818B-5A767DF422D2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FC0502B8-E466-4B34-9C73-99FDB89DC003} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-01-03] ()
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTobias.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-02-23 14:33 - 2006-02-23 12:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2014-02-23 14:33 - 2006-02-22 11:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2008-09-09 11:22 - 2008-09-09 11:22 - 00022016 _____ () C:\WINDOWS\System32\sst1cl6.dll
2013-04-09 01:35 - 2013-04-09 01:35 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-02-26 17:11 - 2014-02-26 17:11 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-10-26 09:09 - 2013-10-26 09:09 - 00120224 _____ () C:\Users\Tobias\AppData\Local\assembly\dl3\YE1AVPRL.6LB\TOYV8PND.W6L\82775dca\0017145d_cd85cd01\HPItunesModule.DLL
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-23 15:37 - 2013-12-23 15:37 - 00251904 _____ () C:\DATEV\PROGRAMM\RZKOMM\DATEV.CC.BASECPP.DLL
2012-12-11 20:33 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-12-11 20:39 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-03-27 17:00 - 2013-03-27 17:00 - 00100904 ____N () C:\DATEV\SYSTEM\DVCCSASCMTF001.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Tobias\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 04:33:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/20/2014 03:49:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: BÜRO)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/20/2014 00:42:21 PM) (Source: Datev.CC.Processes.Hosting.RdtServiceMode) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 11 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.CC.Processes.Hosting.RdtServiceMode

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 00:42:21 PM) (Source: Datev.Database.Conserve) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 13 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Database.Conserve

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 00:42:21 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 12 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Framework.RemoteServiceModel.EnablerService

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 11:14:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/20/2014 10:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (05/20/2014 10:25:37 AM) (Source: Datev.CC.Processes.Hosting.RdtServiceMode) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 10 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.CC.Processes.Hosting.RdtServiceMode

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.TimeoutException

#EXC1859616490
Dieser an net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService gesendete Anforderungsvorgang hat innerhalb des konfigurierten Zeitlimits (00:10:00) keine Antwort empfangen. Der für diesen Vorgang zugewiesene Zeitraum war möglicherweise ein Teil eines längeren Timeouts. Mögliche Ursachen: Der Dienst verarbeitet den Vorgang noch, oder der Dienst konnte keine Antwortnachricht senden. Erwägen Sie, das Zeitlimit für den Vorgang zu erhöhen (indem Sie den Kanal/Proxy in IContextChannel umwandeln und die OperationTimeout-Eigenschaft festlegen), und stellen Sie sicher, dass der Dienst eine Verbindung mit dem Client herstellen kann.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel.Internals

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
TAsyncResult End[TAsyncResult](System.IAsyncResult)

--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 10:25:37 AM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 17 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Framework.RemoteServiceModel.EnablerService

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.TimeoutException

#EXC1859616490
Dieser an net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService gesendete Anforderungsvorgang hat innerhalb des konfigurierten Zeitlimits (00:10:00) keine Antwort empfangen. Der für diesen Vorgang zugewiesene Zeitraum war möglicherweise ein Teil eines längeren Timeouts. Mögliche Ursachen: Der Dienst verarbeitet den Vorgang noch, oder der Dienst konnte keine Antwortnachricht senden. Erwägen Sie, das Zeitlimit für den Vorgang zu erhöhen (indem Sie den Kanal/Proxy in IContextChannel umwandeln und die OperationTimeout-Eigenschaft festlegen), und stellen Sie sicher, dass der Dienst eine Verbindung mit dem Client herstellen kann.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel.Internals

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
TAsyncResult End[TAsyncResult](System.IAsyncResult)

--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 10:25:37 AM) (Source: Datev.Database.Conserve) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 13 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Database.Conserve

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------


System errors:
=============
Error: (05/20/2014 03:42:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/20/2014 03:42:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/20/2014 03:40:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DATEV DFÜ-Dienst" wurde nicht richtig gestartet.

Error: (05/20/2014 03:38:30 PM) (Source: DCOM) (EventID: 10010) (User: BÜRO)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (05/20/2014 03:38:30 PM) (Source: DCOM) (EventID: 10010) (User: BÜRO)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (05/20/2014 03:38:29 PM) (Source: DCOM) (EventID: 10010) (User: BÜRO)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (05/20/2014 03:38:29 PM) (Source: DCOM) (EventID: 10010) (User: BÜRO)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (05/20/2014 10:55:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/20/2014 10:55:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/20/2014 10:53:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DATEV DFÜ-Dienst" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (05/20/2014 04:33:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsFalscher Parameter. (0x80070057)

Error: (05/20/2014 03:49:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: BÜRO)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (05/20/2014 00:42:21 PM) (Source: Datev.CC.Processes.Hosting.RdtServiceMode) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 11 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.CC.Processes.Hosting.RdtServiceMode

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 00:42:21 PM) (Source: Datev.Database.Conserve) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 13 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Database.Conserve

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 00:42:21 PM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (EventID: 0) (User: )
Description: 20.05.2014 12:42:21 12 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 12:42:21    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Framework.RemoteServiceModel.EnablerService

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 12:42:21

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 11:14:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsFalscher Parameter. (0x80070057)

Error: (05/20/2014 10:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (05/20/2014 10:25:37 AM) (Source: Datev.CC.Processes.Hosting.RdtServiceMode) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 10 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.CC.Processes.Hosting.RdtServiceMode

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.TimeoutException

#EXC1859616490
Dieser an net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService gesendete Anforderungsvorgang hat innerhalb des konfigurierten Zeitlimits (00:10:00) keine Antwort empfangen. Der für diesen Vorgang zugewiesene Zeitraum war möglicherweise ein Teil eines längeren Timeouts. Mögliche Ursachen: Der Dienst verarbeitet den Vorgang noch, oder der Dienst konnte keine Antwortnachricht senden. Erwägen Sie, das Zeitlimit für den Vorgang zu erhöhen (indem Sie den Kanal/Proxy in IContextChannel umwandeln und die OperationTimeout-Eigenschaft festlegen), und stellen Sie sicher, dass der Dienst eine Verbindung mit dem Client herstellen kann.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel.Internals

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
TAsyncResult End[TAsyncResult](System.IAsyncResult)

--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 10:25:37 AM) (Source: Datev.Framework.RemoteServiceModel.EnablerService) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 17 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Framework.RemoteServiceModel.EnablerService

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.TimeoutException

#EXC1859616490
Dieser an net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService gesendete Anforderungsvorgang hat innerhalb des konfigurierten Zeitlimits (00:10:00) keine Antwort empfangen. Der für diesen Vorgang zugewiesene Zeitraum war möglicherweise ein Teil eines längeren Timeouts. Mögliche Ursachen: Der Dienst verarbeitet den Vorgang noch, oder der Dienst konnte keine Antwortnachricht senden. Erwägen Sie, das Zeitlimit für den Vorgang zu erhöhen (indem Sie den Kanal/Proxy in IContextChannel umwandeln und die OperationTimeout-Eigenschaft festlegen), und stellen Sie sicher, dass der Dienst eine Verbindung mit dem Client herstellen kann.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel.Internals

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
TAsyncResult End[TAsyncResult](System.IAsyncResult)

--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------

Error: (05/20/2014 10:25:37 AM) (Source: Datev.Database.Conserve) (EventID: 0) (User: )
Description: 20.05.2014 10:25:37 13 Error Datev.Framework.RemoteServiceModel 
**************************************************************************
Datev.Framework.RemoteServiceModel.GenericService2010.exe Exception - Message
20.05.2014 10:25:37    Platform Target: x86 de-DE
DFL 4.0.0.0(4.35.4339.0)    .Net 4.0.30319.34014

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

**************************************************************************
ExceptionType: Datev.Framework.RemoteServiceModel.RemoteServiceCommunicationException

#DFL00301
Es ist ein lokales Verbindungsproblem zur Adresse 'net.pipe://localhost/Datev/Framework/Messaging/CentralMessagingService' auf der Maschine 'BÜRO' aufgetreten.

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
Datev.Database.Conserve

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
SecureMessageText: True
ReasonId: 0
Priority: High
--------------------------------------------------------------------------
ExceptionCollection RemoteServiceCommunicationException
**************************************************************************
Exception 1 in Collection:
--------------------------------------------------------------------------
ExceptionType: System.ArgumentException

#EXC485748116
Async End hat einen Aufruf auf dem falschen Kanal platziert.
Parametername: result

--------------------------------------------------------------------------
ExceptionSource
--------------------------------------------------------------------------
System.ServiceModel

--------------------------------------------------------------------------
TargetSite
--------------------------------------------------------------------------
System.Object EndCall(System.String, System.Object[], System.IAsyncResult)

--------------------------------------------------------------------------

Details:
--------------------------------------------------------------------------
ParamName: result
--------------------------------------------------------------------------
StackTrace
--------------------------------------------------------------------------
  bei System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
  bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
  bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)


----------------------------
Application Information
----------------------------
TimeStamp=Dienstag, 20. Mai 2014, 10:25:37

EntryModule=C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe, 05.12.2013 16:47:50
KernelModule=Datev.Framework.MicroKernel, 18.01.2014 16:12:57
--------------------------------------------------------------------------


CodeIntegrity Errors:
===================================
  Date: 2014-05-20 16:33:26.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 12:50:41.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 12:50:41.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 12:50:41.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 12:50:41.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:22:17.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:22:17.849
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:21:36.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:21:36.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-20 11:21:36.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8147.29 MB
Available physical RAM: 5622.69 MB
Total Pagefile: 9619.29 MB
Available Pagefile: 6428.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:106.55 GB) (Free:14.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Daten) (Fixed) (Total:1863.01 GB) (Free:1706.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 5F071EC3)

Partition: GPT Partition Type.

==================== End Of Log ============================
Ich hoffe jetzt hab ich richtig gemacht

cosinus 20.05.2014 16:03
Das ist doch ein gewerblich genutztes System, oder? Büro-PC.

DiabolusXXX 20.05.2014 16:07
Nein mein privater PC! Name kommt aufgrund einer selbständigen Nebentätigkeit

cosinus 20.05.2014 16:11
Nagut, das würde auch die Games erklären :D

Was ist denn jetzt mit Malwarebytes, war das wirklich das einzige Log? Bitte nochmal richtig nachsehen.

DiabolusXXX 20.05.2014 16:15
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.05.2014
Scan Time: 15:37:09
Logfile: log1.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tobias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377268
Time Elapsed: 8 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [d9cbdc77295271c59d219691c939fb05],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{59F39B89-94C3-44C5-B903-9A6B85C32921}, Quarantined, [931155fe6f0c6fc71ca32afd6f9304fc],
PUP.Optional.OfferMosquito, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, Quarantined, [daca6be8017aef47aa084ce079890cf4],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Quarantined, [acf8e86b6f0c37ff20b9b0d5bc46768a],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Quarantined, [772ddf74cead78beddfd2b90cf34c33d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [1c88421112692d099ba34a55cb3711ef],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [fba96ee55229e25401457d3804ff926e],
PUP.Optional.Softonic.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [11931c3745364beb2ca8c0cdd52d639d],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-91668819-312498841-480008626-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, Quarantined, [7a2a2a295e1d88ae439a92298e753fc1],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-91668819-312498841-480008626-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Quarantined, [fba96ee55229e25401457d3804ff926e]

Registry Data: 0
(No malicious items detected)

Folders: 12
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy\0373762C29274D58992B118262C8F55A, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy\0F2010D181D341E98DF3ABB80E65696F, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\simple_new_tab, Quarantined, [762ea9aad2a902347fcce89a669ca45c],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\simple_new_tab\htmls, Quarantined, [762ea9aad2a902347fcce89a669ca45c],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Roaming\OfferMosquito, Quarantined, [34707ad97506221475d798ea10f2a55b],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, Quarantined, [0e9690c32f4ca294e669641e9b67ce32],

Files: 79
PUP.Optional.Searchprotect, C:\Users\Tobias\AppData\Roaming\OpenCandy\0373762C29274D58992B118262C8F55A\INTERNALWRAPPER.exe, Quarantined, [80247dd61764191d6c09d14ad829f50b],
PUP.Optional.OpenCandy.A, C:\Users\Tobias\AppData\Roaming\OpenCandy\0373762C29274D58992B118262C8F55A\LatestDLMgr.exe, Quarantined, [c4e0f85bd1aaaa8cf15c54b8e21fcc34],
PUP.Optional.OpenCandy.A, C:\Users\Tobias\AppData\Roaming\OpenCandy\0F2010D181D341E98DF3ABB80E65696F\LatestDLMgr.exe, Quarantined, [d0d4e0738af12e082c2137d57091ad53],
PUP.Optional.ToolBarInstaller.A, C:\Users\Tobias\AppData\Local\Temp\BuenoSearchTB.exe, Quarantined, [e9bb7bd888f3d2641472fd25000415eb],
PUP.Optional.BuenoSearch.A, C:\Users\Tobias\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [13916be896e573c3f848f97eb34e04fc],
PUP.Optional.Softonic.A, C:\Users\Tobias\Downloads\SoftonicDownloader_fuer_kindle-for-pc.exe, Quarantined, [30740e456813c670bf379f8029d89070],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\extensions\om@offermosquito.com.xpi, Quarantined, [089c9db6245777bf17c54e37768c1ae6],
PUP.Optional.AmazonTB.A, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\extensions\abb@amazon.com.xpi, Quarantined, [faaaee65403bc96dbb742272719115eb],
PUP.Optional.BuenoSearch.A, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\searchplugins\buenosearch.xml, Quarantined, [cfd5084bcfac9f973c147d17db27b848],
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy\0373762C29274D58992B118262C8F55A\Amazon_CB_ALL_p1v6.exe, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy\0F2010D181D341E98DF3ABB80E65696F\TuneUpUtilities2013-2200218-p3v0.exe, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.OpenCandy, C:\Users\Tobias\AppData\Roaming\OpenCandy\0F2010D181D341E98DF3ABB80E65696F\TuneUpUtilities2013-2200218_de-DE.exe, Quarantined, [b9eb0b48accfcf67fcfc086a9d6532ce],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\manifest.json, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\newtab.js, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.html, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.js, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\snt.html, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\snt.js, Quarantined, [c9dbb59efa810f2790baa3df69996a96],
PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\simple_new_tab\htmls\index.html, Quarantined, [762ea9aad2a902347fcce89a669ca45c],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ads.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\contextualClickProcessor.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\country.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\deferredXhr.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\dependencies.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\icon.png, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\main.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\manifest.json, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ping.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\pingurl.txt, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\rmPopup.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams.json, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sss.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\tracking.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\utils.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\background.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\content.js, Quarantined, [64404b08ee8dca6caca294eecd357090],
PUP.Optional.OfferMosquito.A, C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, Quarantined, [0e9690c32f4ca294e669641e9b67ce32],
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), Replaced,[04a072e1c4b758de4391b5c716eed12f]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), Replaced,[9b099ab9522954e2d2029be1679db44c]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Replaced,[4460054ec5b622149b3977059371c63a]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), Replaced,[7d278ac9accf58de24b0522adc282ed2]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "en");), Replaced,[6b395ff4b0cb72c46074cbb128dcf50b]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), Replaced,[574d55fe601b9a9cc3114c30ed17b848]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Replaced,[8a1a272c5b202f0730a4d2aa5da78080]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "e02b1f4300000000000000ff054c7f0a");), Replaced,[079db99a7ffcb1857d57f3892cd860a0]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16135");), Replaced,[04a0e46f2457b1856074fb814bb9916f]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), Replaced,[40642d267a010e28864eceae26de0af6]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), Replaced,[fda72330b8c34aec27ade29a9a6a9a66]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Replaced,[7034361db5c684b233a1a5d746be6d93]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Replaced,[71335ff46d0ea492775d1c6015efd828]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), Replaced,[e9bb0e45fe7d171f61737b012ada6d93]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), Replaced,[c5dfd18277042016874d3a4247bdb749]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E02B00FF054C7F0A&affID=128491&tsp=5178");), Replaced,[e8bcf65dc7b473c39f353e3e29db738d]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), Replaced,[a1033320f18aca6c7d5782fa4cb8946c]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E02B00FF054C7F0A&affID=128491&tsp=5178");), Replaced,[5a4aea69a1da3bfb4e865428b054bd43]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Replaced,[b5ef8dc6cab1072f5c781d5fbd4734cc]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.715:53:27");), Replaced,[ccd82a29ea91bf7733a1780417edb848]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Replaced,[881cf0639cdf61d51bb9502ccc3857a9]
PUP.Optional.BuenoSearch.A, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E02B00FF054C7F0A&affID=128491&tsp=5178");), Replaced,[cfd554ffdd9e92a44f86fe7d0bf97e82]
PUP.Optional.BuenoSearch.A, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E02B00FF054C7F0A&affID=128491&tsp=5178");), Replaced,[b3f1193a8fec65d1e4f13f3c6a9a0cf4]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "e02b1f4300000000000000ff054c7f0a");), Replaced,[752fc98a97e451e5b61dfc804eb60bf5]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Replaced,[8e16e271f3881c1a8c470676eb19c838]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16135");), Replaced,[c6de8ec547345dd9379cf884ce36ad53]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Replaced,[9212242f8cef2a0c0fc4cfadca3abf41]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Replaced,[e8bc3023e99296a08350681421e330d0]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.715:53:27");), Replaced,[594b8fc495e655e1c31093e970948c74]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Replaced,[d6ce054e413a3204ede6c6b6887c966a]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Replaced,[8f157ad96e0d53e308cb90ecae56fe02]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), Replaced,[0a9a1d365e1dfa3c0bc8b1cbf014be42]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), Replaced,[396ba7ac9cdfda5c5c774339a55f6898]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), Replaced,[7c28a9aa512af73fe8ebfd7f3ec69967]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), Replaced,[861e60f37b00d660963d3745f2123ac6]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "en");), Replaced,[ffa575dede9d5dd9b2213b419e6629d7]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), Replaced,[6242d380b1cad75f785b5e1ed133e719]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Replaced,[dfc54b087dfee84e2fa44537b2521be5]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), Replaced,[089cd281f685c96da33057251fe59769]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), Replaced,[2e76a5ae007b191dac27a5d7ef15ed13]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), Replaced,[a7fdf95aa8d341f53c97f88415ef56aa]
PUP.Optional.BuenoSearch, C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\501byysu.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), Replaced,[c1e398bb0972f343b023a0dc30d418e8]

Physical Sectors: 0
(No malicious items detected)


(end)
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 20.05.2014 15:28:37, SYSTEM, BÃ?RO, Protection, Malware Protection, Starting,
Protection, 20.05.2014 15:28:37, SYSTEM, BÃ?RO, Protection, Malware Protection, Started,
Protection, 20.05.2014 15:28:37, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Starting,
Protection, 20.05.2014 15:28:38, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Started,
Update, 20.05.2014 15:28:43, SYSTEM, BÃ?RO, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 20.05.2014 15:28:50, SYSTEM, BÃ?RO, Manual, Malware Database, 2014.3.4.9, 2014.5.20.4,
Protection, 20.05.2014 15:28:51, SYSTEM, BÃ?RO, Protection, Refresh, Starting,
Protection, 20.05.2014 15:28:51, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Stopping,
Protection, 20.05.2014 15:28:52, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Stopped,
Protection, 20.05.2014 15:28:54, SYSTEM, BÃ?RO, Protection, Refresh, Success,
Protection, 20.05.2014 15:28:54, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Starting,
Protection, 20.05.2014 15:28:54, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Started,
Detection, 20.05.2014 15:29:11, SYSTEM, BÃ?RO, Protection, Malware Protection, File, PUP.Optional.SimpleNewTab.A, C:\Users\Tobias\AppData\Local\simple_new_tab\simple_new_tab.dll, Quarantine, [f9abf85b423970c61635473b09f9df21]
Protection, 20.05.2014 15:39:28, SYSTEM, BÃ?RO, Protection, Malware Protection, Starting,
Protection, 20.05.2014 15:39:28, SYSTEM, BÃ?RO, Protection, Malware Protection, Started,
Protection, 20.05.2014 15:39:28, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Starting,
Protection, 20.05.2014 15:40:24, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Started,
Update, 20.05.2014 16:58:59, SYSTEM, BÃ?RO, Scheduler, Malware Database, 2014.5.20.4, 2014.5.20.5,
Protection, 20.05.2014 16:59:01, SYSTEM, BÃ?RO, Protection, Refresh, Starting,
Protection, 20.05.2014 16:59:01, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Stopping,
Protection, 20.05.2014 16:59:02, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Stopped,
Protection, 20.05.2014 16:59:06, SYSTEM, BÃ?RO, Protection, Refresh, Success,
Protection, 20.05.2014 16:59:06, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Starting,
Protection, 20.05.2014 16:59:06, SYSTEM, BÃ?RO, Protection, Malicious Website Protection, Started,

(end)
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.05.2014
Scan Time: 16:31:06
Logfile: log3.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tobias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377365
Time Elapsed: 6 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Ich hoffe du meintest diese sonst musst du genauer werden (Laie!):kloppen:

cosinus 20.05.2014 22:18
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


DiabolusXXX 21.05.2014 09:13
AdwCleaner Logfile:
Code:
# AdwCleaner v3.210 - Bericht erstellt am 21/05/2014 um 09:35:48
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Tobias - BÜRO
# Gestartet von : C:\Users\Tobias\Downloads\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\Kerstin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\wangzhisong\AppData\Local\Mobogenie
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Freemium1ClickMaint
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Description

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v23.0.1 (de)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4329 octets] - [21/05/2014 09:34:00]
AdwCleaner[S0].txt - [3438 octets] - [21/05/2014 09:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3498 octets] ##########
--- --- ---

[/CODE]

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Tobias on 21.05.2014 at  9:49:24,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A8603C26-4698-4A3B-ABCC-B951E8B91737}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D8A45D76-F54C-47F3-B516-9187A5DEFB16}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A8603C26-4698-4A3B-ABCC-B951E8B91737}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\datamgr"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\metacrawler"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Users\Tobias\AppData\Roaming\ssync"



~~~ FireFox

Successfully deleted: [File] C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\501byysu.default\user.js
Successfully deleted: [File] C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\501byysu.default\searchplugins\search.xml
Successfully deleted the following from C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\501byysu.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://native-search.com/search.php?channel=deg&q=");
user_pref("simplenewtab.url", "hxxp://native-search.com/?channel=deg_nt");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.05.2014 at  9:51:55,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19