Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): websearches.com changes the start page in Firefox
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
09.04.2014, 23:26 | #1 |
websearches.com changes the start page in Firefox

Hi, well, I just read that I'm not the only one with this trojan and that it probably won't be that easy to get rid of. I have run the scan. I can attach the two text files here.

FRST: FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated) Ran by The White Wolf (administrator) on THEWHITEWOLF-PC on 10-04-2014 00:13:59 Running from G:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Freemake) d:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [facemoods] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKU\S-1-5-21-2948976879-2897103453-1539357336-1000\...\Run: [Facebook Update] - C:\Users\The White Wolf\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-02] (Facebook Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x26AFEE9E53B4CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7A32001F1FE341A1&affID=121564&tsp=4958 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} BHO: HQVid8.1v2 - {11111111-1111-1111-1111-110511311172} - C:\Program Files 
(x86)\HQVid8.1v2\HQVid8.1v2-bho64.dll (High-QualityV9) BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HQVid8.1v2 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVid8.1v2\HQVid8.1v2-bho.dll (High-QualityV9) BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default FF user.js: detected! 
=> C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\user.js FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: webssearches FF Homepage: hxxp://www.kannkarate.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\The White Wolf\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\The White Wolf\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\The White Wolf\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\abs@avira.com [2014-04-04] FF Extension: HQVid8.1v2 - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-09] FF Extension: Facemoods - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\ffxtlbr@Facemoods.com [2011-12-16] FF Extension: Quick Start - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\quick_start@gmail.com [2014-04-09] FF Extension: No Name - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\staged [2014-04-10] FF Extension: Firebug - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-13] FF Extension: FireFile - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\firefile@strebitzer.at.xpi [2011-07-13] FF Extension: Flagfox - C:\Users\The White 
Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: Adblock Plus - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-09] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-28] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-01] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\extensions\quick_start@gmail.com FF Extension: Quick Start - C:\Users\The White Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\jk3sbm80.default\extensions\quick_start@gmail.com [2014-04-09] FF 
HKCU\...\Firefox\Extensions: [{8c46fde2-8f22-4b77-9d6b-47daa604b639}] - C:\Program Files (x86)\Re-markit Corp\158.xpi FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-04-09] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 Chrome: ======= CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454 CHR DefaultSearchKeyword: webssearches CHR DefaultSearchProvider: webssearches CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397079244&from=tugs&uid=WDCXWD15EARS-00MVWB0_WD-WCAZA097445474454&q={searchTerms} CHR Extension: (YouTube) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30] CHR Extension: (Google Search) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30] CHR Extension: (Re-markit) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2014-04-09] CHR Extension: (HQVid8.1v2) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-09] CHR Extension: (Facemoods) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2011-12-30] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-10-24] CHR Extension: (Skype Click to Call) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-24] CHR Extension: (MediaPlayerplus) - C:\Users\The White 
Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-09] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-24] CHR Extension: (Gmail) - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\The White Wolf\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-22] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-16] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2012-12-16] CHR HKLM-x32\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx [2011-09-05] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\The White Wolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-09] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & 
Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 FreemakeVideoCapture; d:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-09-07] (Freemake) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG) R2 Re-markit; C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [142336 2014-04-09] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software) S1 cargtjzu; \??\C:\Windows\system32\drivers\cargtjzu.sys [X] S1 eanoxexf; \??\C:\Windows\system32\drivers\eanoxexf.sys [X] S1 gmquiyio; \??\C:\Windows\system32\drivers\gmquiyio.sys [X] S1 huvhqlrt; \??\C:\Windows\system32\drivers\huvhqlrt.sys [X] S1 qsllmufj; \??\C:\Windows\system32\drivers\qsllmufj.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-10 00:13 - 2014-04-10 00:13 - 00000000 ____D () C:\FRST 2014-04-09 23:38 - 2014-04-09 23:38 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\com 2014-04-09 23:37 - 2014-04-09 23:37 - 00000000 ____D () C:\Users\The White Wolf\AppData\Roaming\SupTab 2014-04-09 23:36 - 2014-04-10 00:04 - 00001536 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.job 2014-04-09 23:36 - 2014-04-10 00:04 - 00001448 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.job 2014-04-09 23:36 - 2014-04-10 00:04 - 00001432 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5.job 2014-04-09 23:36 - 2014-04-10 00:03 - 00001464 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1.job 2014-04-09 23:36 - 2014-04-09 23:44 - 00000000 ____D () C:\ProgramData\WPM 2014-04-09 23:36 - 2014-04-09 23:37 - 00004566 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5 2014-04-09 23:36 - 2014-04-09 23:37 - 00004478 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2 2014-04-09 23:36 - 2014-04-09 23:37 - 00004462 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5 2014-04-09 23:36 - 2014-04-09 23:37 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-09 23:36 - 2014-04-09 23:37 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-09 23:36 - 2014-04-09 23:36 - 00005232 _____ () 
C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4 2014-04-09 23:36 - 2014-04-09 23:36 - 00004494 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1 2014-04-09 23:35 - 2014-04-10 00:04 - 00002202 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.job 2014-04-09 23:35 - 2014-04-10 00:04 - 00001332 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2.job 2014-04-09 23:35 - 2014-04-09 23:36 - 00004368 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1 2014-04-09 23:35 - 2014-04-09 23:36 - 00004362 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2 2014-04-09 23:35 - 2014-04-09 23:36 - 00000322 _____ () C:\Users\The White Wolf\AppData\Roaming\aps.uninstall.scan.results 2014-04-09 23:34 - 2014-04-10 00:04 - 00003138 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.job 2014-04-09 23:34 - 2014-04-10 00:04 - 00002340 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4.job 2014-04-09 23:34 - 2014-04-10 00:03 - 00001338 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1.job 2014-04-09 23:34 - 2014-04-09 23:36 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-09 23:34 - 2014-04-09 23:35 - 00006168 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3 2014-04-09 23:34 - 2014-04-09 23:34 - 01100952 _____ (AnyProtect.com) C:\Users\The White Wolf\AppData\Local\nslE87E.tmp 2014-04-09 23:34 - 2014-04-09 23:34 - 00005370 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4 2014-04-09 23:33 - 2014-04-10 00:07 - 00000410 _____ () C:\Windows\Tasks\Re-markit Update.job 2014-04-09 23:33 - 2014-04-10 00:04 - 00002788 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3.job 2014-04-09 23:33 - 2014-04-10 00:03 - 00000408 _____ () C:\Windows\Tasks\Re-markit_wd.job 2014-04-09 23:33 - 2014-04-09 23:36 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1v2 2014-04-09 23:33 - 
2014-04-09 23:33 - 00005818 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3 2014-04-09 23:33 - 2014-04-09 23:33 - 00003076 _____ () C:\Windows\System32\Tasks\Re-markit Update 2014-04-09 23:33 - 2014-04-09 23:33 - 00003014 _____ () C:\Windows\System32\Tasks\Re-markit_wd 2014-04-09 23:33 - 2014-04-09 23:33 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp 2014-04-09 23:32 - 2014-04-09 23:32 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\SearchProtect 2014-04-09 10:17 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 10:17 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 10:17 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 10:17 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 10:16 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 10:16 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 10:16 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 10:16 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 10:16 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 10:16 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 10:16 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 10:16 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 10:16 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 
2014-04-09 10:16 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 10:16 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 10:16 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 10:16 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 10:16 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 10:16 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 10:16 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 10:16 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 23:42 - 2014-04-06 22:40 - 00000000 ____D () C:\Users\The White Wolf\Desktop\ÜBERARBEITUNGSVERSIONEN
2014-03-29 23:11 - 2014-03-29 23:11 - 00000000 ____D () C:\Windows\de
2014-03-29 23:10 - 2014-01-10 13:56 - 00058048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-03-29 23:09 - 2014-03-29 23:10 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-29 23:08 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-03-29 23:08 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-03-29 23:08 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-03-29 23:08 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-03-29 23:08 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-03-29 23:08 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-03-29 23:08 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-29 23:08 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-03-29 23:08 - 2009-09-04 18:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-03-29 23:08 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-03-29 23:07 - 2014-03-29 23:08 - 00000349 _____ () C:\Windows\DirectX.log
2014-03-29 23:07 - 2014-03-29 23:07 - 00002128 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-29 23:07 - 2014-03-29 23:07 - 00002128 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ___RD () C:\Users\The White Wolf\OneDrive
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-29 23:07 - 2006-11-29 14:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-03-29 23:07 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-03-29 15:00 - 2014-03-29 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-14 00:38 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 00:38 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 00:38 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 00:38 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 00:38 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 00:38 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 00:38 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 00:38 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 00:38 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 00:38 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 00:38 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 00:38 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 00:38 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 00:38 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 00:38 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 00:38 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 00:38 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 00:38 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 00:38 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 00:38 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 00:38 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 00:38 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 00:38 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 00:38 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 00:38 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 00:38 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 00:38 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 00:38 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 00:38 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 00:38 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 00:38 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 00:38 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 00:38 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 00:38 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 00:38 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 00:38 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 00:38 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 00:38 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 00:38 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 00:38 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 00:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 00:34 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 00:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 00:34 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:21 - 2014-03-12 20:21 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\{D662F4E9-9659-495B-9AD2-6EC248760FAD}

==================== One Month Modified Files and Folders =======

2014-04-10 00:13 - 2014-04-10 00:13 - 00000000 ____D () C:\FRST
2014-04-10 00:11 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 00:11 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 00:08 - 2011-06-19 23:52 - 01685452 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 00:07 - 2014-04-09 23:33 - 00000410 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-10 00:04 - 2014-04-09 23:36 - 00001536 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.job
2014-04-10 00:04 - 2014-04-09 23:36 - 00001448 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.job
2014-04-10 00:04 - 2014-04-09 23:36 - 00001432 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5.job
2014-04-10 00:04 - 2014-04-09 23:35 - 00002202 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.job
2014-04-10 00:04 - 2014-04-09 23:35 - 00001332 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2.job
2014-04-10 00:04 - 2014-04-09 23:34 - 00003138 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.job
2014-04-10 00:04 - 2014-04-09 23:34 - 00002340 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4.job
2014-04-10 00:04 - 2014-04-09 23:33 - 00002788 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3.job
2014-04-10 00:03 - 2014-04-09 23:36 - 00001464 _____ () C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1.job
2014-04-10 00:03 - 2014-04-09 23:34 - 00001338 _____ () C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1.job
2014-04-10 00:03 - 2014-04-09 23:33 - 00000408 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-10 00:03 - 2013-10-27 16:01 - 00025687 _____ () C:\Windows\setupact.log
2014-04-10 00:03 - 2011-12-04 18:18 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 00:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 23:45 - 2011-09-24 13:27 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\Desk-Timer
2014-04-09 23:44 - 2014-04-09 23:36 - 00000000 ____D () C:\ProgramData\WPM
2014-04-09 23:41 - 2011-12-04 18:18 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 23:41 - 2011-10-24 19:50 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA.job
2014-04-09 23:39 - 2013-12-23 13:08 - 00134178 _____ () C:\Windows\PFRO.log
2014-04-09 23:38 - 2014-04-09 23:38 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\com
2014-04-09 23:37 - 2014-04-09 23:37 - 00000000 ____D () C:\Users\The White Wolf\AppData\Roaming\SupTab
2014-04-09 23:37 - 2014-04-09 23:36 - 00004566 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5
2014-04-09 23:37 - 2014-04-09 23:36 - 00004478 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2
2014-04-09 23:37 - 2014-04-09 23:36 - 00004462 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5
2014-04-09 23:37 - 2014-04-09 23:36 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-09 23:37 - 2014-04-09 23:36 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-09 23:36 - 2014-04-09 23:36 - 00005232 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4
2014-04-09 23:36 - 2014-04-09 23:36 - 00004494 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1
2014-04-09 23:36 - 2014-04-09 23:35 - 00004368 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1
2014-04-09 23:36 - 2014-04-09 23:35 - 00004362 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2
2014-04-09 23:36 - 2014-04-09 23:35 - 00000322 _____ () C:\Users\The White Wolf\AppData\Roaming\aps.uninstall.scan.results
2014-04-09 23:36 - 2014-04-09 23:34 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-09 23:36 - 2014-04-09 23:33 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1v2
2014-04-09 23:35 - 2014-04-09 23:34 - 00006168 _____ () C:\Windows\System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3
2014-04-09 23:35 - 2012-04-05 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 23:34 - 2014-04-09 23:34 - 01100952 _____ (AnyProtect.com) C:\Users\The White Wolf\AppData\Local\nslE87E.tmp
2014-04-09 23:34 - 2014-04-09 23:34 - 00005370 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4
2014-04-09 23:33 - 2014-04-09 23:33 - 00005818 _____ () C:\Windows\System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3
2014-04-09 23:33 - 2014-04-09 23:33 - 00003076 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-09 23:33 - 2014-04-09 23:33 - 00003014 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-09 23:33 - 2014-04-09 23:33 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-04-09 23:33 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-09 23:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-09 23:32 - 2014-04-09 23:32 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\SearchProtect
2014-04-09 23:32 - 2013-07-01 22:59 - 00000000 _____ () C:\END
2014-04-09 23:24 - 2013-03-02 15:19 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA.job
2014-04-09 19:26 - 2011-06-22 20:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 19:25 - 2013-08-15 07:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 19:24 - 2011-06-20 16:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 14:24 - 2013-03-02 15:19 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core.job
2014-04-08 19:41 - 2011-10-24 19:50 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core.job
2014-04-08 17:21 - 2011-06-20 23:23 - 00000000 ____D () C:\Users\The White Wolf\PCAdress
2014-04-06 22:40 - 2014-04-01 23:42 - 00000000 ____D () C:\Users\The White Wolf\Desktop\ÜBERARBEITUNGSVERSIONEN
2014-04-05 15:11 - 2011-07-13 13:11 - 00000000 ____D () C:\Users\The White Wolf\AppData\Roaming\FileZilla
2014-04-03 10:10 - 2010-05-12 10:18 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 10:10 - 2010-05-12 10:18 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 10:10 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 03:16 - 2014-04-09 10:17 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 10:17 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 20:36 - 2011-12-04 18:18 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 20:36 - 2011-12-04 18:18 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 09:54 - 2012-04-24 23:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 23:11 - 2014-03-29 23:11 - 00000000 ____D () C:\Windows\de
2014-03-29 23:10 - 2014-03-29 23:09 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-29 23:10 - 2012-04-19 23:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-29 23:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-29 23:08 - 2014-03-29 23:07 - 00000349 _____ () C:\Windows\DirectX.log
2014-03-29 23:07 - 2014-03-29 23:07 - 00002128 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-29 23:07 - 2014-03-29 23:07 - 00002128 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ___RD () C:\Users\The White Wolf\OneDrive
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-29 23:07 - 2014-03-29 23:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-29 23:07 - 2011-06-20 00:14 - 00000000 ____D () C:\Users\The White Wolf
2014-03-29 15:00 - 2014-03-29 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 20:36 - 2011-10-24 19:50 - 00004144 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA
2014-03-27 20:36 - 2011-10-24 19:50 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core
2014-03-26 14:20 - 2011-08-22 16:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-26 14:19 - 2011-08-22 16:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 14:19 - 2011-08-22 16:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-17 00:52 - 2011-07-13 13:05 - 00012288 ____H () C:\Users\The White Wolf\Desktop\photothumb.db
2014-03-14 07:45 - 2009-07-14 06:45 - 05011024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 07:43 - 2013-07-31 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 07:43 - 2013-07-31 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 13:46 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-13 00:35 - 2012-04-05 12:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 00:35 - 2012-04-05 12:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-13 00:35 - 2011-06-20 07:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 20:21 - 2014-03-12 20:21 - 00000000 ____D () C:\Users\The White Wolf\AppData\Local\{D662F4E9-9659-495B-9AD2-6EC248760FAD}
2014-03-11 10:52 - 2011-04-27 15:25 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\The White Wolf\AppData\Local\Temp\avgnt.exe
C:\Users\The White Wolf\AppData\Local\Temp\BackupSetup.exe
C:\Users\The White Wolf\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 13:11

==================== End Of Log ============================

Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by The White Wolf at 2014-04-10 00:15:01
Running from G:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
ATI Catalyst Install Manager (HKLM\...\{D587747C-370E-E29D-250C-079703113FF0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
ccc-utility64 (Version: 2011.0126.1749.31909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Intel(R) Network Connections 16.3.48.0 (HKLM\...\PROSetDX) (Version: 16.3.48.0 - Intel)
Intel(R) Network Connections 16.3.48.0 (Version: 16.3.48.0 - Intel) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-09-26 17:50 - 00002177 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 hxxp://www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com

There are 7 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {0A5EB985-12D8-45EF-B6A2-C9D2B899F65F} - System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4 => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4.exe [2014-04-09] (High-QualityV9)
Task: {0DBDCBA4-570C-414B-B00F-4E64B585AAF1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2948976879-2897103453-1539357336-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {175C5846-8869-4F37-9BF2-954906A0CAB1} - System32\Tasks\{3F4C8A05-8A58-4CE2-B22A-D97FBC030F4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {1A227D7C-B7DA-4B46-BBFC-CE4D67C621DA} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {1DD32F84-39A4-4796-A93B-3963F405E239} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2 => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.exe [2014-04-09] (Freeven)
Task: {3213899D-EEC9-4E12-8E30-4AEB2ABB3FCF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {37A7348B-5636-4BBA-A580-8C0C6BDA4F4C} - System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1 => C:\Program Files (x86)\HQVid8.1v2\HQVid8.1v2-codedownloader.exe [2014-04-09] (High-QualityV9)
Task: {3C53A239-42FA-4963-A770-6AE824070254} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit Corp\ReMar.exe [2014-04-09] () <==== ATTENTION
Task: {46E927EB-CF24-4E02-94A0-46C7945AEC69} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2948976879-2897103453-1539357336-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5E7E33FA-D101-4B82-8077-06FA842650A3} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3 => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.exe [2014-04-09] (Freeven)
Task: {64499463-88B7-45CC-A42C-089D25D59942} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {66EEE3C4-55FD-4D9E-BDC1-0F6F770254C1} - System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3 => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3.exe [2014-04-09] (High-QualityV9)
Task: {69BA365B-0C9B-4B8D-AD72-CBBF76B9A098} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04] (Google Inc.)
Task: {69E0ED78-C469-4271-8CC5-3A90836457DE} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe [2014-04-09] () <==== ATTENTION
Task: {6E677144-B930-45AF-902C-B1E1D30AEC93} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5 => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.exe [2014-04-09] (Freeven)
Task: {6FEF0632-93BE-4BA0-B1F9-BB4708352306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04] (Google Inc.)
Task: {75F68639-2C23-4C95-820D-870A39113860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA => C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {7A260662-CEB8-49D5-9E80-C3B34B42BBED} - System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2 => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2.exe [2014-04-09] (High-QualityV9)
Task: {7B2132B9-4089-415E-A54F-607697D5C4F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {9D461FC4-CCAF-4314-9A95-4C6E506294EF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {A4260FEF-C1BA-4E8E-9011-A760FC114B76} - System32\Tasks\Google Updater and Installer => C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {B8318187-69D9-4B70-B7B9-391F4060D8AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA => C:\Users\The White Wolf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02] (Facebook Inc.)
Task: {CA962E6A-0C31-469D-A2C3-510439F3E6BD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core => C:\Users\The White Wolf\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-02] (Facebook Inc.)
Task: {D46280E2-9018-40C0-8EC5-89281115EEFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {D9369C10-C2BD-4467-B175-E5EAD73CCD5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA337C19-F612-4A8E-87EC-1A5F4B2A1570} - System32\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5 => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5.exe [2014-04-09] (High-QualityV9)
Task: {E16EE029-72D5-421C-A133-709308DA134B} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4 => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe [2014-04-09] (Freeven)
Task: {E26A6247-D2E9-4EAF-AB3C-DB4BB0170CE2} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {F3F7ED45-7D85-45AA-A154-60594E292C76} - System32\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-09] (Freeven)
Task: {F438D307-C0B5-481A-8041-9BF3F95A24C0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2948976879-2897103453-1539357336-1000
Task: {FC8A5AFA-D0B2-4D0D-A42F-F8BFA7892735} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core => C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.job => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-2.exe
Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.job => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-3.exe
Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.job => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-4.exe
Task: C:\Windows\Tasks\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.job => C:\Program Files (x86)\MediaPlayerplus\84fec6d9-2ff8-4df1-af03-941a44d5d8f4-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-1.job => C:\Program Files (x86)\HQVid8.1v2\HQVid8.1v2-codedownloader.exe
Task: C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2.job => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-2.exe
Task: C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3.job => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-3.exe
Task: C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4.job => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-4.exe
Task: C:\Windows\Tasks\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5.job => C:\Program Files (x86)\HQVid8.1v2\d8196673-3ed8-4a48-a051-70eb7ce8fdf0-5.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core.job => C:\Users\The White Wolf\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA.job => C:\Users\The White Wolf\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000Core.job => C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948976879-2897103453-1539357336-1000UA.job => C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit Corp\ReMar.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-09 23:33 - 2014-04-09 23:33 - 00077312 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-04-09 23:33 - 2014-04-09 23:33 - 00142336 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
2011-01-26 18:48 - 2011-01-26 18:48 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-04 11:43 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-20 19:20 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2012-01-06 00:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-04-09 23:33 - 2014-04-09 23:33 - 00133120 _____ () C:\Program Files (x86)\Re-markit Corp\Re-markit158.dll
2014-03-29 15:00 - 2014-03-29 15:00 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-13 00:35 - 2014-03-13 00:35 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\The White Wolf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files 
(x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2014 01:11:45 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/09/2014 01:11:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. 
Error: (04/08/2014 06:45:40 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/08/2014 06:45:38 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (04/07/2014 00:16:34 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/07/2014 00:16:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (04/06/2014 10:34:41 PM) (Source: RasClient) (User: ) Description: CoID={C0A4612B-D3CF-436D-AE1D-2ED038990317}: Der Benutzer "TheWhiteWolf-PC\The White Wolf" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (04/06/2014 01:08:22 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/06/2014 01:08:21 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (04/06/2014 11:10:18 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (04/09/2014 11:48:08 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (04/09/2014 11:39:13 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (04/09/2014 11:35:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/09/2014 11:35:51 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht. Error: (04/09/2014 11:35:51 PM) (Source: DCOM) (User: ) Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046} Error: (04/09/2014 10:11:36 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80004005 Error: (04/09/2014 10:08:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error: (04/09/2014 05:26:15 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{B1751A0F-A384-4229-85E3-388AE4DD7851} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (04/09/2014 03:36:33 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/09/2014 00:07:16 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Microsoft Office Sessions: ========================= Error: (02/10/2013 11:39:51 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22760 seconds with 3360 seconds of active time. This session ended with a crash. 
Error: (02/08/2013 00:23:04 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13768 seconds with 4140 seconds of active time. This session ended with a crash. Error: (01/09/2013 00:44:09 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 313 seconds with 300 seconds of active time. This session ended with a crash. Error: (01/07/2013 07:16:33 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 632 seconds with 600 seconds of active time. This session ended with a crash. Error: (01/02/2013 09:31:20 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11990 seconds with 3540 seconds of active time. This session ended with a crash. Error: (01/02/2013 00:40:36 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11006 seconds with 8820 seconds of active time. This session ended with a crash. Error: (12/28/2012 00:20:21 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6934 seconds with 1680 seconds of active time. This session ended with a crash. 
Error: (12/27/2012 10:24:38 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2652 seconds with 1140 seconds of active time. This session ended with a crash. Error: (12/27/2012 09:39:57 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5702 seconds with 1500 seconds of active time. This session ended with a crash. Error: (12/27/2012 08:04:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1590 seconds with 1020 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8173.64 MB Available physical RAM: 5963.46 MB Total Pagefile: 16345.47 MB Available Pagefile: 13934.79 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:92.27 GB) (Free:5.32 GB) NTFS Drive d: (Videos) (Fixed) (Total:1000 GB) (Free:250.08 GB) NTFS Drive e: (Bilder) (Fixed) (Total:100 GB) (Free:57.02 GB) NTFS Drive f: (Musik) (Fixed) (Total:100 GB) (Free:82.22 GB) NTFS Drive g: (Programme und Downloads) (Fixed) (Total:51.61 GB) (Free:20.75 GB) NTFS Drive h: (Schriftverkehr) (Fixed) (Total:52.28 GB) (Free:19.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=92 GB) - (Type=07 NTFS) 
Partition 3: (Not Active) - (Size=-798972968960) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
10.04.2014, 06:07 | #2 |
/// the machine /// TB trainer | websearches.com changes Firefox start page Hi,
before any support is given here, everything cracked from Adobe gets removed first.
__________________ |
10.04.2014, 09:50 | #3 |
| websearches.com changes Firefox start page Hi - I can't uninstall much at the moment. See picture.
I had uninstalled the other stuff that had been installed along with it. Since then I supposedly have only 14 programs left to uninstall. Last edited by TWW (10.04.2014 at 09:56) |
11.04.2014, 06:33 | #4 | |
/// the machine /// TB trainer | websearches.com changes Firefox start page I don't see a picture. Quote:
Install CCleaner. Does it show all programs? If so, then also remove Adobe via CCleaner.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No support via PM! |
11.04.2014, 10:18 | #5 |
| websearches.com changes Firefox start page Hi, with CCleaner the other programs are listed again as well. I let it run through once. The problems seem to be solved. I must have picked up the trojan while installing a player (which was strongly recommended to me). Together with five other programs. Thanks for the support so far. |
13.04.2014, 13:57 | #6 |
/// the machine /// TB trainer | websearches.com changes Firefox start page Yes, but I need to know which 5, what YOU uninstalled, and when exactly the problem with the uninstall list appeared.
__________________ |
13.04.2014, 16:15 | #7 |
| websearches.com changes Firefox start page I had already uninstalled the programs beforehand. |
14.04.2014, 14:48 | #8 | |
/// the machine /// TB trainer | websearches.com changes Firefox start page I think I'm not expressing myself clearly. Quote:
__________________ Regards, schrauber |
14.04.2014, 14:58 | #9 |
| websearches.com changes Firefox start page The only one I could remember, because it was persistent, is Re-Markit. I downloaded some player that was supposedly urgently needed to play my video files. Unfortunately I did not make a note of the player's name. When I then uninstalled it, I noticed that more had been installed along with it. |
15.04.2014, 11:00 | #10 |
/// the machine /// TB trainer | websearches.com changes Firefox start page OK. Adobe removed? We still have to clean up the machine.
__________________ Regards, schrauber |
16.04.2014, 19:08 | #12 |
/// the machine /// TB trainer | websearches.com changes Firefox start page ok.
__________________ Regards, schrauber |
16.04.2014, 21:30 | #13 |
| websearches.com changes Firefox start page Thanks for the support! |
17.04.2014, 13:55 | #14 |
/// the machine /// TB trainer | websearches.com changes Firefox start page You're welcome
__________________ Regards, schrauber |