Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung!

vb1887 · 17.02.2014, 11:44

Hallo,

ich wurde heute aufgefordert den Java Player zu aktualisieren und nu habe ich nur noch Werbung.

Bei jeder neuen Seite oder es öffnet sich von ganz allein ein neues Werbefenster in dem ich dann wieder irgendwas klicken soll.
Können Sie mir bitte helfen?

Lieben Dank schon mal

Nessy

cosinus · 17.02.2014, 11:54

Hallo und

Das kommt davon, wenn man sich die Installationsroutinen nicht durchliest und schnell auf weiter weiter klickt

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

vb1887 · 17.02.2014, 12:15

okay und das soll ich installieren obwohl Windows eine Warnung sendet?

cosinus · 17.02.2014, 12:24

Hast du eigentlich irgendwas von meinem Posting gelesen?

vb1887 · 17.02.2014, 12:42

Ja habe ich, darf man nicht mehr was nachfragen?

cosinus · 17.02.2014, 13:57

Du sollst nichts installieren sondern

a) meine Frage zu bisherigen Funden beantworten und
b) FRST runterladen und Logs posten

Das ist nix mit Installieren. Wenn du was anderes meinst musst du schonmal etwas konkreter werden

vb1887 · 17.02.2014, 14:25

Okay dann habe ich mich vielleicht falsch.ausgedrückt.

Also zu a) das Virensystem hatte noch keinen fund gemeldet.

B) wenn ich dieses Frst downloade kommt doch dieser grüner Pfeil oben rechts und da muss ich doch dann drauf klicken und dann öffnet sich ja das Fenster und dann spricht Windows eine Warnung aus.
Mache ich da jetzt was falsch?

Danke schon mal

cosinus · 17.02.2014, 14:43

Lad FRST von hier => Farbar Recovery Scan Tool Download

vb1887 · 17.02.2014, 22:14

So hoffe habe das jetzt richtig gemacht:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Joschi (administrator) on POU on 17-02-2014 22:02:26
Running from C:\Users\Joschi\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\Re-markit\Re-markit154.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Farbar) C:\Users\Joschi\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUSQuickGesture(x86)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {233d1340-1d5d-11e2-be6a-806e6f6e6963} - "E:\Setup.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa1282-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa12cd-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {f83a432c-35dc-11e3-8035-001e101fb2d1} - "F:\AutoRun.exe" 
Startup: C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX&q={searchTerms}
SearchScopes: HKCU - {8830D860-4AFE-46DC-A964-113A5D15A734} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ddaf024f-58c0-42fc-a9d6-d18dfc211ee5&apn_sauid=5D71D664-7CD3-4DB7-BD04-8C18A5F1DEA0
BHO: Feven Pro - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\Feven Pro\Feven Pro-bho64.dll No File
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO-x32: Feven Pro - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\Feven Pro\Feven Pro-bho.dll No File
BHO-x32: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll (Whilokii)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C2D7332-A7C1-4F97-8147-E75AFF9BA2B1}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default
FF DefaultSearchEngine: awesomehp
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Feven Pro - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com [2014-02-17]
FF Extension: Lightning Speed Dial - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\lightningnewtab@gmail.com [2014-02-17]
FF Extension: Extension_Protected - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17]
FF Extension: PricePeep - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-08-30]
FF Extension: Whilokii - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}.xpi [2014-02-01]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-15] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 Re-markit; C:\Program Files (x86)\Re-markit\Re-markit154.exe [181248 2014-02-17] ()
S2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [80664 2014-02-13] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [80664 2014-02-13] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 VOsrv; C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-17] (Cherished Technololgy LIMITED)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 22:02 - 2014-02-17 22:02 - 00019662 _____ () C:\Users\Joschi\Downloads\FRST.txt
2014-02-17 22:02 - 2014-02-17 22:02 - 00000000 ____D () C:\FRST
2014-02-17 22:01 - 2014-02-17 22:01 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(1).exe
2014-02-17 21:59 - 2014-02-17 21:59 - 01141248 _____ (Farbar) C:\Users\Joschi\Downloads\FRST.exe
2014-02-17 12:13 - 2014-02-17 12:13 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64.exe
2014-02-17 11:14 - 2014-02-17 11:15 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-02-17 11:14 - 2014-02-17 11:14 - 00825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-02-17 10:55 - 2014-02-17 22:00 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-02-17 10:55 - 2014-02-17 21:55 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-02-17 10:55 - 2014-02-17 10:55 - 00003182 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-02-17 10:55 - 2014-02-17 10:55 - 00002486 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-02-17 10:55 - 2014-02-17 10:55 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Uniblue
2014-02-17 10:54 - 2014-02-17 21:55 - 00001506 _____ () C:\Windows\Tasks\Feven Pro-updater.job
2014-02-17 10:54 - 2014-02-17 21:55 - 00001462 _____ () C:\Windows\Tasks\Feven Pro-codedownloader.job
2014-02-17 10:54 - 2014-02-17 21:55 - 00001360 _____ () C:\Windows\Tasks\Feven Pro-enabler.job
2014-02-17 10:54 - 2014-02-17 10:54 - 00004510 _____ () C:\Windows\System32\Tasks\Feven Pro-updater
2014-02-17 10:54 - 2014-02-17 10:54 - 00004466 _____ () C:\Windows\System32\Tasks\Feven Pro-codedownloader
2014-02-17 10:54 - 2014-02-17 10:54 - 00004364 _____ () C:\Windows\System32\Tasks\Feven Pro-enabler
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\ProgramData\WPM
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-17 10:53 - 2014-02-17 21:55 - 00003094 _____ () C:\Windows\Tasks\Feven Pro-chromeinstaller.job
2014-02-17 10:53 - 2014-02-17 21:55 - 00002262 _____ () C:\Windows\Tasks\Feven Pro-firefoxinstaller.job
2014-02-17 10:53 - 2014-02-17 21:55 - 00000394 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-02-17 10:53 - 2014-02-17 21:55 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-02-17 10:53 - 2014-02-17 11:04 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-02-17 10:53 - 2014-02-17 10:53 - 00003036 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-02-17 10:53 - 2014-02-17 10:53 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VOPackage
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\awesomehp
2014-02-17 10:52 - 2014-02-17 10:52 - 00330240 _____ () C:\Users\Joschi\Downloads\Java.exe
2014-02-16 01:09 - 2014-02-16 01:09 - 00002109 _____ () C:\Users\Public\Desktop\Fallen Shadows – Schatten der Kindheit.lnk
2014-02-16 01:07 - 2014-02-16 01:07 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Happy Muffin Top
2014-02-14 23:47 - 2014-02-14 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:59 - 2014-02-14 23:33 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\GhostPainting
2014-02-14 22:58 - 2014-02-14 22:58 - 00001401 _____ () C:\Users\Joschi\Desktop\Walsingham‘s Manor - Verlies der Seelen.lnk
2014-02-14 00:54 - 2014-02-14 00:54 - 00000000 ____D () C:\Users\Joschi\Documents\PassionFruit Games
2014-02-14 00:48 - 2014-02-14 00:48 - 00001519 _____ () C:\Users\Joschi\Desktop\Mysteriez - Versteckte Zahlen - Verknüpfung.lnk
2014-02-14 00:48 - 2014-02-14 00:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Absolutist
2014-02-14 00:45 - 2014-02-14 00:45 - 00002004 _____ () C:\Users\Joschi\Desktop\Vampirsaga 3 - Der Ausbruch - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00001573 _____ () C:\Users\Joschi\Desktop\Vampire Saga - Welcome to Hell Lock - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSagaHL
2014-02-13 09:11 - 2014-02-13 09:11 - 00301200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 09:09 - 2014-01-30 22:10 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-13 09:09 - 2014-01-30 22:10 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-13 00:15 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:15 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 00:15 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:15 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 21:24 - 2014-02-11 21:24 - 00001197 _____ () C:\Users\Joschi\Desktop\VampireSaga - Verknüpfung.lnk
2014-02-11 21:24 - 2014-02-11 21:24 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSaga
2014-02-11 21:19 - 2014-02-14 00:52 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2014-02-11 10:45 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-11 10:45 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-11 10:45 - 2013-06-01 12:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-11 10:45 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-02-11 10:45 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-02-11 10:45 - 2013-06-01 10:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-11 10:45 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-02-11 10:45 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-02-11 10:45 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-02-11 10:45 - 2013-06-01 10:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-11 10:45 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-02-11 10:45 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-02-11 10:45 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-02-11 10:45 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-02-11 10:45 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-02-11 10:45 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-02-11 10:45 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-02-11 10:45 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-02-11 10:45 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-02-11 10:45 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-02-11 10:45 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-02-11 10:41 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-11 10:41 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-11 10:40 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-11 10:40 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-11 10:40 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-02-11 10:40 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-02-11 10:40 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-02-11 10:40 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-11 10:40 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-11 10:40 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-11 10:40 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-11 10:40 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-11 10:40 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-02-11 10:40 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-02-11 10:40 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-11 10:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-02-11 10:40 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-02-11 10:40 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-02-11 10:40 - 2013-07-02 01:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-02-11 10:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-02-11 10:40 - 2013-07-01 23:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-02-11 10:40 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-11 10:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-11 10:40 - 2013-05-24 00:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-11 10:40 - 2013-05-23 23:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-02-11 10:40 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-02-11 10:40 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-02-11 10:39 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-11 10:39 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-11 10:39 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-02-11 10:39 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-02-11 10:39 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-02-11 10:39 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-02-11 10:39 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-02-11 10:39 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-11 10:39 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-02-11 10:39 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-02-11 10:39 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-02-11 10:39 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-02-11 10:39 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-11 10:39 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00083968 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-02-11 10:39 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-02-11 10:39 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-02-11 10:39 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-02-11 10:39 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-11 10:39 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-02-11 10:39 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-02-11 10:39 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-02-11 10:39 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-02-11 10:39 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-11 10:39 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-02-11 10:39 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-02-11 10:39 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-02-11 10:38 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-11 10:38 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-11 10:38 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-02-11 10:38 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-02-11 10:38 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-02-11 10:38 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2014-02-11 10:38 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-02-11 10:38 - 2013-07-06 01:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-11 10:38 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-02-11 10:38 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-02-11 10:38 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-02-11 10:38 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-02-11 10:38 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2014-02-11 10:38 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2014-02-11 10:38 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-02-11 10:38 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-02-11 10:38 - 2013-06-29 06:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-02-11 10:38 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-02-11 10:38 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-02-11 10:38 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-11 10:38 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-02-11 10:38 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-02-11 10:38 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-02-11 10:38 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-02-11 10:38 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-02-11 10:38 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-02-11 10:38 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-02-11 10:38 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-02-11 10:38 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-11 10:38 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-11 10:38 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-11 10:38 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-11 10:38 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-11 10:37 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-11 10:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-02-11 10:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-11 10:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-02-11 10:37 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-11 10:37 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-02-11 10:37 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-11 10:37 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-11 10:37 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-02-11 10:37 - 2013-10-03 23:09 - 00385528 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-11 10:37 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-02-11 10:37 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-11 10:37 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-02-11 10:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-11 10:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-11 10:37 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-11 10:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-11 10:37 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-02-11 10:37 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-02-11 10:37 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-02-11 10:37 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-02-11 10:37 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-02-11 10:37 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-11 10:37 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-11 10:37 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-02-11 10:37 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-02-11 10:37 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-11 10:37 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-11 10:37 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-11 10:37 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-11 10:37 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-02-11 10:37 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-11 10:37 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-11 10:36 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-02-11 10:36 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-11 10:36 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-02-11 10:36 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-11 10:36 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-11 10:36 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-11 10:36 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-11 10:36 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-11 10:36 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-02-11 10:36 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-02-11 10:36 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-02-11 10:36 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-02-11 10:36 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-02-11 10:36 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-02-11 10:36 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-02-11 10:36 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-11 10:36 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-02-11 10:36 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-11 10:36 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-11 10:36 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-11 10:36 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-02-11 10:36 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-11 10:36 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-11 10:36 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-11 10:36 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-11 10:36 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-11 10:36 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-11 10:36 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-02-11 10:36 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-02-11 10:36 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-02-11 10:36 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-02-11 10:36 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-02-11 10:36 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-02-11 10:36 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-11 10:36 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-11 10:36 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-11 10:36 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-11 10:36 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-02-11 10:36 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-02-11 10:36 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-02-11 10:36 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2014-02-11 10:36 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2014-02-11 10:36 - 2013-06-01 10:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-11 10:36 - 2013-06-01 10:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-11 10:36 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-02-11 10:36 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-11 10:36 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-11 10:36 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-02-05 23:56 - 2014-02-05 23:56 - 00001214 _____ () C:\Users\Joschi\Desktop\Invisible Man.lnk
2014-02-05 23:56 - 2014-02-05 23:56 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\DE_TheInvisibleMan_v_1_0_0
2014-02-01 20:23 - 2014-02-01 20:23 - 00001286 _____ () C:\Users\Public\Desktop\Dark Mysteries - Der Seelensammler.lnk
2014-02-01 20:23 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2014-02-01 20:21 - 2014-02-01 20:23 - 00000000 ____D () C:\Program Files (x86)\Dark Mysteries - Der Seelensammler
2014-02-01 20:15 - 2014-02-01 20:15 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\ShamanGS
2014-02-01 20:14 - 2014-02-01 20:14 - 00001343 _____ () C:\Users\Joschi\Desktop\Dreamscapes - The Sandman.lnk
2014-02-01 20:11 - 2014-02-14 22:57 - 00000000 ____D () C:\Program Files (x86)\play+smile
2014-02-01 20:10 - 2014-02-14 22:56 - 00000032 _____ () C:\Windows\Setup.INI

==================== One Month Modified Files and Folders =======

2014-02-17 22:02 - 2014-02-17 22:02 - 00019662 _____ () C:\Users\Joschi\Downloads\FRST.txt
2014-02-17 22:02 - 2014-02-17 22:02 - 00000000 ____D () C:\FRST
2014-02-17 22:01 - 2014-02-17 22:01 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(1).exe
2014-02-17 22:00 - 2014-02-17 10:55 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-02-17 22:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-17 21:59 - 2014-02-17 21:59 - 01141248 _____ (Farbar) C:\Users\Joschi\Downloads\FRST.exe
2014-02-17 21:58 - 2013-10-23 07:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-17 21:57 - 2013-10-23 07:36 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-02-17 21:56 - 2013-02-18 10:03 - 00000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2014-02-17 21:55 - 2014-02-17 10:55 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-02-17 21:55 - 2014-02-17 10:54 - 00001506 _____ () C:\Windows\Tasks\Feven Pro-updater.job
2014-02-17 21:55 - 2014-02-17 10:54 - 00001462 _____ () C:\Windows\Tasks\Feven Pro-codedownloader.job
2014-02-17 21:55 - 2014-02-17 10:54 - 00001360 _____ () C:\Windows\Tasks\Feven Pro-enabler.job
2014-02-17 21:55 - 2014-02-17 10:53 - 00003094 _____ () C:\Windows\Tasks\Feven Pro-chromeinstaller.job
2014-02-17 21:55 - 2014-02-17 10:53 - 00002262 _____ () C:\Windows\Tasks\Feven Pro-firefoxinstaller.job
2014-02-17 21:55 - 2014-02-17 10:53 - 00000394 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-02-17 21:55 - 2014-02-17 10:53 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-02-17 12:36 - 2013-10-23 07:36 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-02-17 12:13 - 2014-02-17 12:13 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64.exe
2014-02-17 11:49 - 2013-02-19 09:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 11:15 - 2014-02-17 11:14 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-02-17 11:14 - 2014-02-17 11:14 - 00825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2014-02-17 11:14 - 2014-02-17 11:14 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-02-17 11:04 - 2014-02-17 10:53 - 00000000 ____D () C:\Program Files (x86)\Re-markit
2014-02-17 10:55 - 2014-02-17 10:55 - 00003182 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-02-17 10:55 - 2014-02-17 10:55 - 00002486 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-02-17 10:55 - 2014-02-17 10:55 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Uniblue
2014-02-17 10:55 - 2012-10-23 23:28 - 01161483 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 10:54 - 2014-02-17 10:54 - 00004510 _____ () C:\Windows\System32\Tasks\Feven Pro-updater
2014-02-17 10:54 - 2014-02-17 10:54 - 00004466 _____ () C:\Windows\System32\Tasks\Feven Pro-codedownloader
2014-02-17 10:54 - 2014-02-17 10:54 - 00004364 _____ () C:\Windows\System32\Tasks\Feven Pro-enabler
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\ProgramData\WPM
2014-02-17 10:54 - 2014-02-17 10:54 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-17 10:54 - 2013-02-18 10:02 - 00000000 ___RD () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 10:53 - 2014-02-17 10:53 - 00003036 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-02-17 10:53 - 2014-02-17 10:53 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VOPackage
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\awesomehp
2014-02-17 10:53 - 2013-02-19 09:39 - 00001365 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-17 10:53 - 2013-02-18 10:02 - 00001668 _____ () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 10:52 - 2014-02-17 10:52 - 00330240 _____ () C:\Users\Joschi\Downloads\Java.exe
2014-02-16 21:51 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-16 01:09 - 2014-02-16 01:09 - 00002109 _____ () C:\Users\Public\Desktop\Fallen Shadows – Schatten der Kindheit.lnk
2014-02-16 01:07 - 2014-02-16 01:07 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Happy Muffin Top
2014-02-15 23:53 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-15 23:53 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-15 23:53 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 23:48 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 23:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-02-15 23:39 - 2013-02-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 11:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-14 23:47 - 2014-02-14 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 23:33 - 2014-02-14 22:59 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\GhostPainting
2014-02-14 22:58 - 2014-02-14 22:58 - 00001401 _____ () C:\Users\Joschi\Desktop\Walsingham‘s Manor - Verlies der Seelen.lnk
2014-02-14 22:57 - 2014-02-01 20:11 - 00000000 ____D () C:\Program Files (x86)\play+smile
2014-02-14 22:56 - 2014-02-01 20:10 - 00000032 _____ () C:\Windows\Setup.INI
2014-02-14 00:54 - 2014-02-14 00:54 - 00000000 ____D () C:\Users\Joschi\Documents\PassionFruit Games
2014-02-14 00:52 - 2014-02-11 21:19 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2014-02-14 00:48 - 2014-02-14 00:48 - 00001519 _____ () C:\Users\Joschi\Desktop\Mysteriez - Versteckte Zahlen - Verknüpfung.lnk
2014-02-14 00:48 - 2014-02-14 00:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Absolutist
2014-02-14 00:45 - 2014-02-14 00:45 - 00002004 _____ () C:\Users\Joschi\Desktop\Vampirsaga 3 - Der Ausbruch - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00001573 _____ () C:\Users\Joschi\Desktop\Vampire Saga - Welcome to Hell Lock - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSagaHL
2014-02-13 09:13 - 2013-02-18 10:02 - 00000000 ___RD () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 09:11 - 2014-02-13 09:11 - 00301200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 09:10 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-13 09:09 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-02-13 09:04 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-13 09:04 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-13 09:03 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-13 09:02 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-02-13 09:02 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-02-11 21:24 - 2014-02-11 21:24 - 00001197 _____ () C:\Users\Joschi\Desktop\VampireSaga - Verknüpfung.lnk
2014-02-11 21:24 - 2014-02-11 21:24 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSaga
2014-02-10 22:36 - 2013-10-23 07:21 - 00000000 ____D () C:\Program Files (x86)\Whilokii
2014-02-10 21:43 - 2013-02-25 10:34 - 00000000 ____D () C:\Users\Joschi\AppData\Local\Adobe
2014-02-10 21:43 - 2013-02-19 09:43 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 23:56 - 2014-02-05 23:56 - 00001214 _____ () C:\Users\Joschi\Desktop\Invisible Man.lnk
2014-02-05 23:56 - 2014-02-05 23:56 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\DE_TheInvisibleMan_v_1_0_0
2014-02-01 20:23 - 2014-02-01 20:23 - 00001286 _____ () C:\Users\Public\Desktop\Dark Mysteries - Der Seelensammler.lnk
2014-02-01 20:23 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2014-02-01 20:23 - 2014-02-01 20:21 - 00000000 ____D () C:\Program Files (x86)\Dark Mysteries - Der Seelensammler
2014-02-01 20:15 - 2014-02-01 20:15 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\ShamanGS
2014-02-01 20:15 - 2013-02-18 09:58 - 00000000 ____D () C:\Users\Joschi\AppData\Local\VirtualStore
2014-02-01 20:14 - 2014-02-01 20:14 - 00001343 _____ () C:\Users\Joschi\Desktop\Dreamscapes - The Sandman.lnk
2014-01-30 22:10 - 2014-02-13 09:09 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2014-02-13 09:09 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Joschi\AppData\Local\Temp\AskSLib.dll
C:\Users\Joschi\AppData\Local\Temp\avgnt.exe
C:\Users\Joschi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joschi\AppData\Local\Temp\install_flashplayer11x32_ltr5x64d_awc_aih.exe
C:\Users\Joschi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 21:20

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Joschi at 2014-02-17 22:03:56
Running from C:\Users\Joschi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced System Protector (x32 Version: 2.1.1000.12150 - Systweak Software) <==== ATTENTION
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
AnyProtect (x32 Version: 1.0.0.0 - CMI Limited)
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS)
ASUS InstantOn (x32 Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.4 - ASUS)
ASUS Live Update (x32 Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (x32 Version: 1.0.32 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004 - ASUS)
ASUS Tutor (x32 Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (x32 Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0023 - ASUS)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
awesomehp Browser newtab extension (x32 Version:  - awesomehp)
Big City Adventure(TM) - New York City (x32 Version:  - zylom)
BlueStacks App Player (x32 Version: 0.7.17.916 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.7.17.916 - BlueStack Systems, Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Dark Mysteries - Der Seelensammler (x32 Version:  - cerasus.media GmbH)
Dreamscapes - The Sandman (x32 Version:  - rondomedia Marketing & Vertriebs GmbH)
Extended Update (HKCU Version:  - )
Fallen Shadows - Schatten der Kindheit (x32 Version: 1.0.0 - Happy Muffin Top)
Feven Pro (x32 Version: 1.34.2.13 - Feven) <==== ATTENTION
Fishdom H2O - Hidden Odyssey(TM) (x32 Version:  - zylom)
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Invisible Man (x32 Version:  - rondomedia Marketing & Vertriebs GmbH)
Magic Academy (x32 Version:  - zylom)
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (x32 Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (x32 Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MyPC Backup  (Version:  - JDi Backup Ltd) <==== ATTENTION
Mysteriez - Versteckte Zahlen (x32 Version:  - )
Online Games Manager v1.21 (x32 Version: 1.21.2 - Real Networks, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PricePeep (x32 Version: 2.2.0.3 - betwikx LLC) <==== ATTENTION
Ralink RT2860 Wireless LAN Card (x32 Version: 1.2.0.40 - Ralink)
Re-markit (x32 Version:  - Re-markit Software) <==== ATTENTION
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Sherlock Holmes and The Hound of The Baskervilles (x32 Version:  - zylom)
SpeedUpMyPC (x32 Version: 6.0.1.1 - Uniblue Systems Limited)
Spirit Walkers - Curse of the Cypress Witch (x32 Version:  - zylom)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Temple of Life - The Legend of Four Elements (x32 Version:  - zylom)
Tiger Eye (x32 Version:  - )
Twisted Lands - Shadow Town Premium Edition (x32 Version:  - zylom)
Vampir Saga (x32 Version:  - )
Vampire Saga - Welcome to Hell Lock (x32 Version:  - )
Vampirsaga 3 - Der Ausbruch (x32 Version:  - )
VIA Platform Device Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VO Package (x32 Version: 1.0.0.0 - )
Walsingham‘s Manor - Verlies der Seelen (x32 Version:  - rondomedia Marketing & Vertriebs GmbH)
Whilokii 1.0.0 (Version: 1.0.0 - Whilokii) <==== ATTENTION
Windows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (Version: 08/27/2012 1.0.0.125 - ASUS)
WinFlash (x32 Version: 2.41.1 - ASUS)
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

26-01-2014 11:30:06 Geplanter Prüfpunkt
04-02-2014 22:19:23 Geplanter Prüfpunkt
12-02-2014 22:11:29 Windows Update
15-02-2014 09:13:14 Windows Modules Installer
17-02-2014 09:53:50 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {141664A6-ADE8-44F1-A047-F92420799A0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10] (Adobe Systems Incorporated)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {201D4347-5C1B-436E-9985-8E885FF6A5F5} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe [2014-02-17] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {328A5A9C-DE94-420D-AFF4-4E18DFCB5F5C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {3931CC22-9967-47EE-BD58-9C5B3135E5BF} - System32\Tasks\Feven Pro-enabler => C:\Program Files (x86)\Feven Pro\Feven Pro-enabler.exe <==== ATTENTION
Task: {3D21014E-6491-4CB4-BAC7-B8F8A5D2E9B8} - System32\Tasks\Feven Pro-firefoxinstaller => C:\Program Files (x86)\Feven Pro\Feven Pro-firefoxinstaller.exe <==== ATTENTION
Task: {3F51F86A-4B76-4BF1-B2D9-76188F40EE10} - System32\Tasks\Feven Pro-updater => C:\Program Files (x86)\Feven Pro\Feven Pro-updater.exe <==== ATTENTION
Task: {4FD10073-458F-44DA-BB56-4AD3F1E8477A} - System32\Tasks\Feven Pro-codedownloader => C:\Program Files (x86)\Feven Pro\Feven Pro-codedownloader.exe <==== ATTENTION
Task: {852F0462-6F82-46DE-8FAA-C8B218418064} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A0D8F2BA-B7BB-4E72-A924-A99EDEBA8289} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-10-04] (Systweak) <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BBA3A79A-DFF5-42AA-80FA-F2B5E9F1CF84} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: {BD48E47C-8E91-4EF3-AA40-6459068FEFEA} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D18A15C6-F51A-4EF3-ABAD-FCE1ACDA6111} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {D5AB0C5C-71A0-4C86-89D6-7AA0CC19643F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {DA007ABD-B24E-4A2A-86D3-F65574868A7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E016697D-59AE-4FFC-B8D8-3FDD1091996D} - System32\Tasks\Feven Pro-chromeinstaller => C:\Program Files (x86)\Feven Pro\Feven Pro-chromeinstaller.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F494D5FD-79A2-42DA-8FB1-32752E34ACE2} - System32\Tasks\UpdaterEX => C:\Users\Joschi\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FF97E558-7429-4756-A78B-167E9D0FDDB7} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Feven Pro-chromeinstaller.job => C:\Program Files (x86)\Feven Pro\Feven Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-codedownloader.job => C:\Program Files (x86)\Feven Pro\Feven Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-enabler.job => C:\Program Files (x86)\Feven Pro\Feven Pro-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-firefoxinstaller.job => C:\Program Files (x86)\Feven Pro\Feven Pro-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro-updater.job => C:\Program Files (x86)\Feven Pro\Feven Pro-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Joschi\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-17 10:53 - 2014-02-17 10:53 - 00093184 _____ () C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
2012-10-23 23:16 - 2012-08-16 11:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-23 23:16 - 2012-08-16 11:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-09-21 03:56 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-02-06 16:19 - 2014-02-06 16:19 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-06 16:13 - 2014-02-06 16:13 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-10-23 07:36 - 2012-07-25 11:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2013-10-23 07:36 - 2013-10-04 17:20 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2013-10-23 07:36 - 2012-07-25 11:03 - 00168448 _____ () C:\Program Files (x86)\Advanced System Protector\UNRAR.DLL
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-02-14 23:47 - 2014-02-14 23:47 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2014 11:49:04 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 11:44:54 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 11:40:04 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 10:32:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe, Version: 12.0.0.44, Zeitstempel: 0x52e70cce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02e473b0
ID des fehlerhaften Prozesses: 0x1130
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_44.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_44.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_44.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_44.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_44.exe5

Error: (02/14/2014 00:03:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe, Version: 12.0.0.44, Zeitstempel: 0x52e70cce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02a72be0
ID des fehlerhaften Prozesses: 0x704
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_44.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_44.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_44.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_44.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_44.exe5

Error: (02/14/2014 10:59:15 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe, Version: 12.0.0.44, Zeitstempel: 0x52e70cce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02c07408
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_44.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_44.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_44.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_44.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_44.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_44.exe5

Error: (02/14/2014 10:34:21 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d293
Name des fehlerhaften Moduls: NPSWF32_12_0_0_44.dll, Version: 12.0.0.44, Zeitstempel: 0x52e70f10
Ausnahmecode: 0x40000015
Fehleroffset: 0x00355cbb
ID des fehlerhaften Prozesses: 0x4dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/13/2014 11:55:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Vampire Saga - Welcome to Hell Lock.exe, Version: 1.2.3.4, Zeitstempel: 0x4e1e7853
Name des fehlerhaften Moduls: Vampire Saga - Welcome to Hell Lock.exe, Version: 1.2.3.4, Zeitstempel: 0x4e1e7853
Ausnahmecode: 0x40000015
Fehleroffset: 0x000ed833
ID des fehlerhaften Prozesses: 0xfd8
Startzeit der fehlerhaften Anwendung: 0xVampire Saga - Welcome to Hell Lock.exe0
Pfad der fehlerhaften Anwendung: Vampire Saga - Welcome to Hell Lock.exe1
Pfad des fehlerhaften Moduls: Vampire Saga - Welcome to Hell Lock.exe2
Berichtskennung: Vampire Saga - Welcome to Hell Lock.exe3
Vollständiger Name des fehlerhaften Pakets: Vampire Saga - Welcome to Hell Lock.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Vampire Saga - Welcome to Hell Lock.exe5

Error: (02/13/2014 09:12:15 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/13/2014 09:08:50 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (02/16/2014 09:20:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2898866)

Error: (02/16/2014 09:20:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2916036)

Error: (02/16/2014 09:20:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2901120)

Error: (02/16/2014 09:20:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2901119)

Error: (02/16/2014 09:20:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2904659)

Error: (02/16/2014 09:20:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2909210)

Error: (02/16/2014 09:20:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Microsoft .NET Framework 3.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2836946)

Error: (02/16/2014 09:20:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2911101)

Error: (02/16/2014 09:20:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2871690)

Error: (02/16/2014 09:20:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2843630)


Microsoft Office Sessions:
=========================
Error: (02/15/2014 11:49:04 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 11:44:54 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 11:40:04 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/15/2014 10:32:53 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_44.exe12.0.0.4452e70cceunknown0.0.0.000000000c000000502e473b0113001cf2a2ef43af6f1C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exeunknown2429dfc2-9624-11e3-8066-08606e4af0d0

Error: (02/14/2014 00:03:12 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_44.exe12.0.0.4452e70cceunknown0.0.0.000000000c000000502a72be070401cf29720f8b0425C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exeunknown97df2c60-9567-11e3-8066-08606e4af0d0

Error: (02/14/2014 10:59:15 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_44.exe12.0.0.4452e70cceunknown0.0.0.000000000c000000502c07408129001cf2967fe123c39C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exeunknowna8ffc6f6-955e-11e3-8066-08606e4af0d0

Error: (02/14/2014 10:34:21 AM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293NPSWF32_12_0_0_44.dll12.0.0.4452e70f104000001500355cbb4dc01cf29651cec6c01C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_12_0_0_44.dll2e804cc8-955b-11e3-8066-08606e4af0d0

Error: (02/13/2014 11:55:11 PM) (Source: Application Error)(User: )
Description: Vampire Saga - Welcome to Hell Lock.exe1.2.3.44e1e7853Vampire Saga - Welcome to Hell Lock.exe1.2.3.44e1e785340000015000ed833fd801cf28fcff31ff56C:\Program Files (x86)\Purplehills\Vampire Saga - Welcome to Hell Lock\Vampire Saga - Welcome to Hell Lock.exeC:\Program Files (x86)\Purplehills\Vampire Saga - Welcome to Hell Lock\Vampire Saga - Welcome to Hell Lock.exee43d9775-9501-11e3-8066-08606e4af0d0

Error: (02/13/2014 09:12:15 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/13/2014 09:08:50 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3979.81 MB
Available physical RAM: 2251.09 MB
Total Pagefile: 5003.81 MB
Available Pagefile: 2916.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:123.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.38 GB) (Free:219.26 GB) NTFS
Drive e: (Wimmelbildbox 7) (CDROM) (Total:1.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 944CB54D)

Partition: GPT Partition Type
==================== End Of Log ============================

cosinus · 17.02.2014, 22:52

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

vb1887 · 17.02.2014, 23:45

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.17.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Joschi :: POU [limited]

17.02.2014 23:01:38
mbar-log-2014-02-17 (23-01-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 254899
Time elapsed: 35 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho.1 (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho.1 (Adware.Agent) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 17.02.2014, 23:48

Neuen Lauf mit MBAR machen

vb1887 · 18.02.2014, 00:36

Jetzt wurde nichts mehr gefunden

Code:

ATTFilter

alwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Non-administrative

Internet Explorer version: 10.0.9200.16599

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 4173135872, free: 2149539840

Downloaded database version: v2014.02.17.08
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/17/2014 23:01:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\drivers\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800490d420
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa80043487f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800490d420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800498d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800490d420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003653660, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80043487f0, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 944CB54D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2577975715
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 3b8ce02e-d9c8-4c0e-9577-ce6d9cab2655
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2577975715
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 3b8ce02e-d9c8-4c0e-9577-ce6d9cab2655
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6a6efe0-e39a-4b29-8f2d-7e87cfa8cf8
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a1f5d742-d1a7-446a-aa33-50492651b0fe
    FirstLBA 616448  Last LBA 1845247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3f2df1f8-721-4d3b-93ef-b79329e3967c
    FirstLBA 1845248  Last LBA 2107391
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID c4417851-4959-4f93-b63c-a24bf35326
    FirstLBA 2107392  Last LBA 392816639
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4686f603-5c2c-4f0f-b976-b77031a546de
    FirstLBA 392816640  Last LBA 852889599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID da38c879-85ea-4ee7-84af-3bb49772b24
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} --> [Adware.Agent]
Infected: C:\Program Files (x86)\PricePeep\pricepeep.dll --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho.1 --> [Adware.Agent]
Infected: HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} --> [Adware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho.1 --> [Adware.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} --> [Adware.Agent]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} --> [Adware.Agent]
Infected file C:\Users\Joschi\AppData\Local\Temp\is1275519350\36876958_stp\wajam_validate.exe could not be remediated because backup file is not available
Infected file C:\Users\Joschi\AppData\Local\Temp\is45637729\128125723_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16599

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 4173135872, free: 2677428224

=======================================
Initializing...
------------ Kernel report ------------
     02/17/2014 23:51:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\drivers\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049ad6b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xfffffa80044277f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049ad6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80049ac040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049ad6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004347670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044277f0, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 944CB54D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2577975715
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 3b8ce02e-d9c8-4c0e-9577-ce6d9cab2655
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2577975715
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 3b8ce02e-d9c8-4c0e-9577-ce6d9cab2655
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6a6efe0-e39a-4b29-8f2d-7e87cfa8cf8
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a1f5d742-d1a7-446a-aa33-50492651b0fe
    FirstLBA 616448  Last LBA 1845247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3f2df1f8-721-4d3b-93ef-b79329e3967c
    FirstLBA 1845248  Last LBA 2107391
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID c4417851-4959-4f93-b63c-a24bf35326
    FirstLBA 2107392  Last LBA 392816639
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 4686f603-5c2c-4f0f-b976-b77031a546de
    FirstLBA 392816640  Last LBA 852889599
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID da38c879-85ea-4ee7-84af-3bb49772b24
    FirstLBA 934809600  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected file C:\Users\Joschi\AppData\Local\Temp\is1275519350\36876958_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished

Das wollte ich eigentlich einfügen

Code:

ATTFilter

alwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.17.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Joschi :: POU [administrator]

17.02.2014 23:51:55
mbar-log-2014-02-17 (23-51-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 254920
Time elapsed: 37 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 18.02.2014, 00:41

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

vb1887 · 18.02.2014, 01:00

Das hier schon mal

Code:

ATTFilter

# AdwCleaner v3.019 - Bericht erstellt am 18/02/2014 um 00:44:06
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Joschi - POU
# Gestartet von : C:\Users\Joschi\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : IePluginService
[#] Dienst Gelöscht : update whilokii
[#] Dienst Gelöscht : Util Whilokii
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\PricePeep
Ordner Gelöscht : C:\Program Files (x86)\Re-markit
Ordner Gelöscht : C:\Program Files (x86)\Whilokii
Ordner Gelöscht : C:\Users\Joschi\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Joschi\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\uniblue
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Alawar Stargaze
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Joschi\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com
Ordner Gelöscht : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\lightningnewtab@gmail.com
Datei Gelöscht : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\pricepeep@getpricepeep.com.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update
Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Joschi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Joschi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lightningnewtab@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051678.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051678.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051678.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051678.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161178}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165578}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511161178}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161178}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162278}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165578}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166678}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511161178}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\Whilokii
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Whilokii
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\supTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\prefs.js ]

Zeile gelöscht : user_pref("accessibility.lightning.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "awesomehp");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "awesomehp");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1392630816&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q079AWR079AWRX");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1443f4ae7ccd7bb5283fd10e54e52693");

*************************

AdwCleaner[R0].txt - [13771 octets] - [18/02/2014 00:43:26]
AdwCleaner[S0].txt - [11126 octets] - [18/02/2014 00:44:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11187 octets] ##########

und das

Code:

ATTFilter

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Joschi on 18.02.2014 at  0:53:29,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatewhilokii_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8830D860-4AFE-46DC-A964-113A5D15A734}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Joschi\AppData\Roaming\mozilla\firefox\profiles\t6ma2sc2.default\minidumps [109 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.02.2014 at  0:57:05,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und das letzte

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Joschi (administrator) on POU on 18-02-2014 00:59:03
Running from C:\Users\Joschi\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
() C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Farbar) C:\Users\Joschi\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUSQuickGesture(x86)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {233d1340-1d5d-11e2-be6a-806e6f6e6963} - "E:\Setup.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa1282-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {3afa12cd-35d9-11e3-8034-08606e4af0d0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3714319823-260000009-872883684-1001\...\MountPoints2: {f83a432c-35dc-11e3-8035-001e101fb2d1} - "F:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C2D7332-A7C1-4F97-8147-E75AFF9BA2B1}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default
FF NewTab: chrome://lightning/content/newtab.html
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Extension_Protected - C:\Users\Joschi\AppData\Roaming\Mozilla\Firefox\Profiles\t6ma2sc2.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-15] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 VOsrv; C:\Users\Joschi\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 Re-markit; C:\Program Files (x86)\Re-markit\Re-markit154.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-18 00:58 - 2014-02-18 00:58 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(2).exe
2014-02-18 00:57 - 2014-02-18 00:57 - 00001458 _____ () C:\Users\Joschi\Desktop\JRT.txt
2014-02-18 00:53 - 2014-02-18 00:53 - 01037530 _____ (Thisisu) C:\Users\Joschi\Downloads\JRT(1).exe
2014-02-18 00:50 - 2014-02-18 00:50 - 01037530 _____ (Thisisu) C:\Users\Joschi\Downloads\JRT.exe
2014-02-18 00:50 - 2014-02-18 00:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 00:43 - 2014-02-18 00:44 - 00000000 ____D () C:\AdwCleaner
2014-02-18 00:42 - 2014-02-18 00:43 - 01241834 _____ () C:\Users\Joschi\Downloads\adwcleaner.exe
2014-02-18 00:11 - 2014-02-18 00:11 - 00001054 _____ () C:\Users\Joschi\Desktop\Continue VuuPC Installation.lnk
2014-02-17 23:01 - 2014-02-17 23:51 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-17 23:01 - 2014-02-17 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 23:00 - 2014-02-18 00:31 - 00000000 ____D () C:\Users\Joschi\Desktop\mbar
2014-02-17 23:00 - 2014-02-17 23:51 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 23:00 - 2014-02-17 23:00 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Joschi\Downloads\mbar-1.07.0.1009.exe
2014-02-17 22:03 - 2014-02-17 22:13 - 00026993 _____ () C:\Users\Joschi\Downloads\Addition.txt
2014-02-17 22:02 - 2014-02-18 00:59 - 00012870 _____ () C:\Users\Joschi\Downloads\FRST.txt
2014-02-17 22:02 - 2014-02-18 00:59 - 00000000 ____D () C:\FRST
2014-02-17 22:01 - 2014-02-17 22:01 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(1).exe
2014-02-17 21:59 - 2014-02-17 21:59 - 01141248 _____ (Farbar) C:\Users\Joschi\Downloads\FRST.exe
2014-02-17 12:13 - 2014-02-17 12:13 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64.exe
2014-02-17 11:14 - 2014-02-17 11:14 - 00825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2014-02-17 10:55 - 2014-02-18 00:46 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-02-17 10:55 - 2014-02-17 10:55 - 00002486 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-02-17 10:54 - 2014-02-18 00:46 - 00001506 _____ () C:\Windows\Tasks\Feven Pro-updater.job
2014-02-17 10:54 - 2014-02-18 00:46 - 00001462 _____ () C:\Windows\Tasks\Feven Pro-codedownloader.job
2014-02-17 10:54 - 2014-02-18 00:46 - 00001360 _____ () C:\Windows\Tasks\Feven Pro-enabler.job
2014-02-17 10:54 - 2014-02-17 10:54 - 00004510 _____ () C:\Windows\System32\Tasks\Feven Pro-updater
2014-02-17 10:54 - 2014-02-17 10:54 - 00004466 _____ () C:\Windows\System32\Tasks\Feven Pro-codedownloader
2014-02-17 10:54 - 2014-02-17 10:54 - 00004364 _____ () C:\Windows\System32\Tasks\Feven Pro-enabler
2014-02-17 10:53 - 2014-02-18 00:46 - 00003094 _____ () C:\Windows\Tasks\Feven Pro-chromeinstaller.job
2014-02-17 10:53 - 2014-02-18 00:46 - 00002262 _____ () C:\Windows\Tasks\Feven Pro-firefoxinstaller.job
2014-02-17 10:53 - 2014-02-18 00:46 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-02-17 10:53 - 2014-02-17 10:53 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VOPackage
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\awesomehp
2014-02-17 10:52 - 2014-02-17 10:52 - 00330240 _____ () C:\Users\Joschi\Downloads\Java.exe
2014-02-16 01:09 - 2014-02-16 01:09 - 00002109 _____ () C:\Users\Public\Desktop\Fallen Shadows – Schatten der Kindheit.lnk
2014-02-16 01:07 - 2014-02-16 01:07 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Happy Muffin Top
2014-02-14 23:47 - 2014-02-14 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:59 - 2014-02-15 00:49 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\GhostPainting
2014-02-14 22:58 - 2014-02-14 22:58 - 00001401 _____ () C:\Users\Joschi\Desktop\Walsingham‘s Manor - Verlies der Seelen.lnk
2014-02-14 00:54 - 2014-02-14 00:54 - 00000000 ____D () C:\Users\Joschi\Documents\PassionFruit Games
2014-02-14 00:48 - 2014-02-14 00:48 - 00001519 _____ () C:\Users\Joschi\Desktop\Mysteriez - Versteckte Zahlen - Verknüpfung.lnk
2014-02-14 00:48 - 2014-02-14 00:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Absolutist
2014-02-14 00:45 - 2014-02-14 00:45 - 00002004 _____ () C:\Users\Joschi\Desktop\Vampirsaga 3 - Der Ausbruch - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00001573 _____ () C:\Users\Joschi\Desktop\Vampire Saga - Welcome to Hell Lock - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSagaHL
2014-02-13 09:11 - 2014-02-13 09:11 - 00301200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 09:09 - 2014-01-30 22:10 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-13 09:09 - 2014-01-30 22:10 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-13 00:15 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:15 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 00:15 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 00:15 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 21:24 - 2014-02-11 21:24 - 00001197 _____ () C:\Users\Joschi\Desktop\VampireSaga - Verknüpfung.lnk
2014-02-11 21:24 - 2014-02-11 21:24 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSaga
2014-02-11 21:19 - 2014-02-14 00:52 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2014-02-11 10:45 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-11 10:45 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-11 10:45 - 2013-06-01 12:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-11 10:45 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-02-11 10:45 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-02-11 10:45 - 2013-06-01 10:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-11 10:45 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-02-11 10:45 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-02-11 10:45 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-02-11 10:45 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-02-11 10:45 - 2013-06-01 10:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-11 10:45 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-02-11 10:45 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-02-11 10:45 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-02-11 10:45 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-02-11 10:45 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-02-11 10:45 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-02-11 10:45 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-02-11 10:45 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-02-11 10:45 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-02-11 10:45 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-02-11 10:45 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-02-11 10:45 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-02-11 10:41 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-11 10:41 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-11 10:40 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-11 10:40 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-11 10:40 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-02-11 10:40 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-02-11 10:40 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-02-11 10:40 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-11 10:40 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-11 10:40 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-11 10:40 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-11 10:40 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-11 10:40 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-02-11 10:40 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-02-11 10:40 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-11 10:40 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-02-11 10:40 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-02-11 10:40 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-02-11 10:40 - 2013-07-02 01:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-02-11 10:40 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-02-11 10:40 - 2013-07-01 23:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-02-11 10:40 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-11 10:40 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-11 10:40 - 2013-05-24 00:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-11 10:40 - 2013-05-23 23:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-02-11 10:40 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-02-11 10:40 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-02-11 10:39 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-11 10:39 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-11 10:39 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-02-11 10:39 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-02-11 10:39 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-02-11 10:39 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-02-11 10:39 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-02-11 10:39 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-11 10:39 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-02-11 10:39 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-02-11 10:39 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-02-11 10:39 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-02-11 10:39 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-11 10:39 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-11 10:39 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00083968 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-02-11 10:39 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-02-11 10:39 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-02-11 10:39 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-02-11 10:39 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-02-11 10:39 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-11 10:39 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-02-11 10:39 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-02-11 10:39 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-02-11 10:39 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-02-11 10:39 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-02-11 10:39 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-11 10:39 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-02-11 10:39 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-02-11 10:39 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-02-11 10:38 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-11 10:38 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-11 10:38 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-02-11 10:38 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-02-11 10:38 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-02-11 10:38 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-02-11 10:38 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2014-02-11 10:38 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-02-11 10:38 - 2013-07-06 01:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-11 10:38 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-02-11 10:38 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-02-11 10:38 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-02-11 10:38 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-02-11 10:38 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2014-02-11 10:38 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2014-02-11 10:38 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-02-11 10:38 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-02-11 10:38 - 2013-06-29 06:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-02-11 10:38 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-02-11 10:38 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-02-11 10:38 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-11 10:38 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-02-11 10:38 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-02-11 10:38 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-02-11 10:38 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-02-11 10:38 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-02-11 10:38 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-02-11 10:38 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-02-11 10:38 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-02-11 10:38 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-11 10:38 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-11 10:38 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-11 10:38 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-11 10:38 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-11 10:37 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-11 10:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-02-11 10:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-11 10:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-02-11 10:37 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-11 10:37 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-02-11 10:37 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-02-11 10:37 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-11 10:37 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-11 10:37 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-11 10:37 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-02-11 10:37 - 2013-10-03 23:09 - 00385528 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-11 10:37 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-02-11 10:37 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-11 10:37 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-02-11 10:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-11 10:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-11 10:37 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-11 10:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-11 10:37 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-02-11 10:37 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-02-11 10:37 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-02-11 10:37 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-02-11 10:37 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-02-11 10:37 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-11 10:37 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-11 10:37 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-02-11 10:37 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-02-11 10:37 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-11 10:37 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-11 10:37 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-11 10:37 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-11 10:37 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-11 10:37 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-02-11 10:37 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-11 10:37 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-11 10:36 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-02-11 10:36 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-11 10:36 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-02-11 10:36 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-11 10:36 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-11 10:36 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-11 10:36 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-11 10:36 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-11 10:36 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-02-11 10:36 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-02-11 10:36 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-02-11 10:36 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-02-11 10:36 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-02-11 10:36 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-02-11 10:36 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-02-11 10:36 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-11 10:36 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-02-11 10:36 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-11 10:36 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-11 10:36 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-11 10:36 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-02-11 10:36 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-11 10:36 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-11 10:36 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-11 10:36 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-11 10:36 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-11 10:36 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-11 10:36 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-02-11 10:36 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-02-11 10:36 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-02-11 10:36 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-02-11 10:36 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-02-11 10:36 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-02-11 10:36 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-11 10:36 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-11 10:36 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-11 10:36 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-11 10:36 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-02-11 10:36 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-02-11 10:36 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-02-11 10:36 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2014-02-11 10:36 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2014-02-11 10:36 - 2013-06-01 10:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-11 10:36 - 2013-06-01 10:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-11 10:36 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-02-11 10:36 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-11 10:36 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-11 10:36 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-02-05 23:56 - 2014-02-05 23:56 - 00001214 _____ () C:\Users\Joschi\Desktop\Invisible Man.lnk
2014-02-05 23:56 - 2014-02-05 23:56 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\DE_TheInvisibleMan_v_1_0_0
2014-02-01 20:23 - 2014-02-01 20:23 - 00001286 _____ () C:\Users\Public\Desktop\Dark Mysteries - Der Seelensammler.lnk
2014-02-01 20:23 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2014-02-01 20:21 - 2014-02-01 20:23 - 00000000 ____D () C:\Program Files (x86)\Dark Mysteries - Der Seelensammler
2014-02-01 20:15 - 2014-02-01 20:15 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\ShamanGS
2014-02-01 20:14 - 2014-02-01 20:14 - 00001343 _____ () C:\Users\Joschi\Desktop\Dreamscapes - The Sandman.lnk
2014-02-01 20:11 - 2014-02-14 22:57 - 00000000 ____D () C:\Program Files (x86)\play+smile
2014-02-01 20:10 - 2014-02-14 22:56 - 00000032 _____ () C:\Windows\Setup.INI

==================== One Month Modified Files and Folders =======

2014-02-18 00:59 - 2014-02-17 22:02 - 00012870 _____ () C:\Users\Joschi\Downloads\FRST.txt
2014-02-18 00:59 - 2014-02-17 22:02 - 00000000 ____D () C:\FRST
2014-02-18 00:59 - 2013-02-18 10:08 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3714319823-260000009-872883684-1001
2014-02-18 00:58 - 2014-02-18 00:58 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(2).exe
2014-02-18 00:57 - 2014-02-18 00:57 - 00001458 _____ () C:\Users\Joschi\Desktop\JRT.txt
2014-02-18 00:53 - 2014-02-18 00:53 - 01037530 _____ (Thisisu) C:\Users\Joschi\Downloads\JRT(1).exe
2014-02-18 00:50 - 2014-02-18 00:50 - 01037530 _____ (Thisisu) C:\Users\Joschi\Downloads\JRT.exe
2014-02-18 00:50 - 2014-02-18 00:50 - 00000000 ____D () C:\Windows\ERUNT
2014-02-18 00:49 - 2013-02-19 09:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 00:47 - 2013-02-18 10:03 - 00000401 _____ () C:\Users\Joschi\AppData\Roaming\sp_data.sys
2014-02-18 00:46 - 2014-02-17 10:55 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-02-18 00:46 - 2014-02-17 10:54 - 00001506 _____ () C:\Windows\Tasks\Feven Pro-updater.job
2014-02-18 00:46 - 2014-02-17 10:54 - 00001462 _____ () C:\Windows\Tasks\Feven Pro-codedownloader.job
2014-02-18 00:46 - 2014-02-17 10:54 - 00001360 _____ () C:\Windows\Tasks\Feven Pro-enabler.job
2014-02-18 00:46 - 2014-02-17 10:53 - 00003094 _____ () C:\Windows\Tasks\Feven Pro-chromeinstaller.job
2014-02-18 00:46 - 2014-02-17 10:53 - 00002262 _____ () C:\Windows\Tasks\Feven Pro-firefoxinstaller.job
2014-02-18 00:46 - 2014-02-17 10:53 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-02-18 00:46 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 00:44 - 2014-02-18 00:43 - 00000000 ____D () C:\AdwCleaner
2014-02-18 00:44 - 2013-02-19 09:39 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-18 00:44 - 2013-02-18 10:02 - 00000999 _____ () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-18 00:44 - 2013-02-18 10:02 - 00000000 ___RD () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-18 00:43 - 2014-02-18 00:42 - 01241834 _____ () C:\Users\Joschi\Downloads\adwcleaner.exe
2014-02-18 00:31 - 2014-02-17 23:00 - 00000000 ____D () C:\Users\Joschi\Desktop\mbar
2014-02-18 00:11 - 2014-02-18 00:11 - 00001054 _____ () C:\Users\Joschi\Desktop\Continue VuuPC Installation.lnk
2014-02-18 00:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-17 23:51 - 2014-02-17 23:01 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-17 23:51 - 2014-02-17 23:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 23:40 - 2012-08-02 14:24 - 00034060 _____ () C:\Windows\PFRO.log
2014-02-17 23:39 - 2012-10-23 23:28 - 01166897 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 23:01 - 2014-02-17 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 23:00 - 2014-02-17 23:00 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Joschi\Downloads\mbar-1.07.0.1009.exe
2014-02-17 22:13 - 2014-02-17 22:03 - 00026993 _____ () C:\Users\Joschi\Downloads\Addition.txt
2014-02-17 22:01 - 2014-02-17 22:01 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64(1).exe
2014-02-17 21:59 - 2014-02-17 21:59 - 01141248 _____ (Farbar) C:\Users\Joschi\Downloads\FRST.exe
2014-02-17 12:13 - 2014-02-17 12:13 - 02152448 _____ (Farbar) C:\Users\Joschi\Downloads\FRST64.exe
2014-02-17 11:14 - 2014-02-17 11:14 - 00825216 _____ (AnyProtect.com) C:\Users\Joschi\AppData\Local\nseD7D0.tmp
2014-02-17 10:55 - 2014-02-17 10:55 - 00002486 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-02-17 10:54 - 2014-02-17 10:54 - 00004510 _____ () C:\Windows\System32\Tasks\Feven Pro-updater
2014-02-17 10:54 - 2014-02-17 10:54 - 00004466 _____ () C:\Windows\System32\Tasks\Feven Pro-codedownloader
2014-02-17 10:54 - 2014-02-17 10:54 - 00004364 _____ () C:\Windows\System32\Tasks\Feven Pro-enabler
2014-02-17 10:53 - 2014-02-17 10:53 - 00002962 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VOPackage
2014-02-17 10:53 - 2014-02-17 10:53 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\awesomehp
2014-02-17 10:52 - 2014-02-17 10:52 - 00330240 _____ () C:\Users\Joschi\Downloads\Java.exe
2014-02-16 21:51 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-16 01:09 - 2014-02-16 01:09 - 00002109 _____ () C:\Users\Public\Desktop\Fallen Shadows – Schatten der Kindheit.lnk
2014-02-16 01:07 - 2014-02-16 01:07 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Happy Muffin Top
2014-02-15 23:53 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-15 23:53 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-15 23:53 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 23:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-02-15 23:39 - 2013-02-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 11:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-15 00:49 - 2014-02-14 22:59 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\GhostPainting
2014-02-14 23:47 - 2014-02-14 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:58 - 2014-02-14 22:58 - 00001401 _____ () C:\Users\Joschi\Desktop\Walsingham‘s Manor - Verlies der Seelen.lnk
2014-02-14 22:57 - 2014-02-01 20:11 - 00000000 ____D () C:\Program Files (x86)\play+smile
2014-02-14 22:56 - 2014-02-01 20:10 - 00000032 _____ () C:\Windows\Setup.INI
2014-02-14 00:54 - 2014-02-14 00:54 - 00000000 ____D () C:\Users\Joschi\Documents\PassionFruit Games
2014-02-14 00:52 - 2014-02-11 21:19 - 00000000 ____D () C:\Program Files (x86)\Purplehills
2014-02-14 00:48 - 2014-02-14 00:48 - 00001519 _____ () C:\Users\Joschi\Desktop\Mysteriez - Versteckte Zahlen - Verknüpfung.lnk
2014-02-14 00:48 - 2014-02-14 00:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\Absolutist
2014-02-14 00:45 - 2014-02-14 00:45 - 00002004 _____ () C:\Users\Joschi\Desktop\Vampirsaga 3 - Der Ausbruch - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00001573 _____ () C:\Users\Joschi\Desktop\Vampire Saga - Welcome to Hell Lock - Verknüpfung.lnk
2014-02-13 21:48 - 2014-02-13 21:48 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSagaHL
2014-02-13 09:13 - 2013-02-18 10:02 - 00000000 ___RD () C:\Users\Joschi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 09:11 - 2014-02-13 09:11 - 00301200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 09:10 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-13 09:09 - 2012-07-26 06:37 - 00000000 ____D () C:\Windows\servicing
2014-02-13 09:04 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-13 09:04 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-13 09:03 - 2012-07-26 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 09:03 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-13 09:02 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-02-13 09:02 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-02-11 21:24 - 2014-02-11 21:24 - 00001197 _____ () C:\Users\Joschi\Desktop\VampireSaga - Verknüpfung.lnk
2014-02-11 21:24 - 2014-02-11 21:24 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\VampireSaga
2014-02-10 21:43 - 2013-02-25 10:34 - 00000000 ____D () C:\Users\Joschi\AppData\Local\Adobe
2014-02-10 21:43 - 2013-02-19 09:43 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 23:56 - 2014-02-05 23:56 - 00001214 _____ () C:\Users\Joschi\Desktop\Invisible Man.lnk
2014-02-05 23:56 - 2014-02-05 23:56 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\DE_TheInvisibleMan_v_1_0_0
2014-02-01 20:23 - 2014-02-01 20:23 - 00001286 _____ () C:\Users\Public\Desktop\Dark Mysteries - Der Seelensammler.lnk
2014-02-01 20:23 - 2014-02-01 20:23 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\cerasus.media
2014-02-01 20:23 - 2014-02-01 20:21 - 00000000 ____D () C:\Program Files (x86)\Dark Mysteries - Der Seelensammler
2014-02-01 20:15 - 2014-02-01 20:15 - 00000000 ____D () C:\Users\Joschi\AppData\Roaming\ShamanGS
2014-02-01 20:15 - 2013-02-18 09:58 - 00000000 ____D () C:\Users\Joschi\AppData\Local\VirtualStore
2014-02-01 20:14 - 2014-02-01 20:14 - 00001343 _____ () C:\Users\Joschi\Desktop\Dreamscapes - The Sandman.lnk
2014-01-30 22:10 - 2014-02-13 09:09 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2014-02-13 09:09 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Joschi\AppData\Local\Temp\AskSLib.dll
C:\Users\Joschi\AppData\Local\Temp\avgnt.exe
C:\Users\Joschi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joschi\AppData\Local\Temp\install_flashplayer11x32_ltr5x64d_awc_aih.exe
C:\Users\Joschi\AppData\Local\Temp\Quarantine.exe
C:\Users\Joschi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 21:20

==================== End Of Log ============================

--- --- ---

--- --- ---

17.02.2014, 12:24	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung! Hast du eigentlich irgendwas von meinem Posting gelesen? __________________ Logfiles bitte immer in CODE-Tags posten

17.02.2014, 13:57	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung! Du sollst nichts installieren sondern a) meine Frage zu bisherigen Funden beantworten und b) FRST runterladen und Logs posten Das ist nix mit Installieren. Wenn du was anderes meinst musst du schonmal etwas konkreter werden __________________ --> Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung!

17.02.2014, 14:43	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung! Lad FRST von hier => Farbar Recovery Scan Tool Download __________________ Logfiles bitte immer in CODE-Tags posten

17.02.2014, 23:48	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung! Neuen Lauf mit MBAR machen __________________ Logfiles bitte immer in CODE-Tags posten

Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung!

Plagegeister aller Art und deren Bekämpfung: Aufforderung zum Aktualisieren für Java, jetzt ist nur noch Werbung!