Popup "Kostenloses Online Backup verfügbar"

Joh_M · 20.02.2014, 20:44

Hallo,
Ich kämpfe mit dem zickigen Laptop meines Sohnes
seit einiger Zeit erscheint in der unteren rechten Ecke des Bildschirm die o. g. Meldung.
Startseite Firefox ist auch geändert.
Skype startet auch ungewollt...

Nach der Anleitung haben wir die drei geforderten Tools (Hoffentlich korrekt) ausgeführt

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:15 on 20/02/2014 (Johannes)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Johannes (administrator) on LAPTOP-JOHANNES on 20-02-2014 20:24:45
Running from C:\Users\Johannes\Downloads\FRST-OlderVersion
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Paragon Software\PONS\PONS-CD.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\WINDOWS\SysWOW64\ResStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2014-01-11] (APN)
HKLM-x32\...\Run: [PONS-CD 7] - C:\Program Files (x86)\Paragon Software\PONS\PONS-CD.exe [5878272 2012-02-02] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3229196944-2696586579-1064093783-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3229196944-2696586579-1064093783-1002\...\MountPoints2: {a4877876-4a0e-11e2-be8c-806e6f6e6963} - "E:\cdstart.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKCU - AA257E48375D4ACF8CFB8E01BF4A7D43 URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtByBzy0F0AtCtAtDtD0FtAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=2057179492&ir=
SearchScopes: HKCU - {A621E73E-EA2F-4BD0-9153-D2D8237E37F0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {C4F2BD38-97F8-4AA2-B132-21416B065330} URL = hxxp://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5EDE&gct=&itbv=12.6.0.11&o=APN10616&tpid=ORJ-V7&apn_uid=B71D854B-1516-4666-A5F9-731F690DE286&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_11.0.9600.16384&doi=2013-11-06&trgb=IE&q={searchTerms}&psv=
BHO: Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: metacrawler  Helper Object - {D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B} - C:\Program Files (x86)\metaCrawler\1.8.19.0\bh\metacrawler.dll (Info Space)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll (Info Space)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\yrr9wc2e.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP|www.google.de
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\yrr9wc2e.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\yrr9wc2e.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: Adblock Plus - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\yrr9wc2e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-25]
FF Extension: BonanzaDeals - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\yrr9wc2e.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]

Chrome: 
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (BonanzaDeals) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2014-01-05]
CHR Extension: (Google Wallet) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-11] (APN LLC.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U3 kfayakob; \??\C:\Users\Johannes\AppData\Local\Temp\kfayakob.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 20:23 - 2014-02-20 20:23 - 00000703 _____ () C:\Users\Johannes\Downloads\gmer.log
2014-02-20 20:15 - 2014-02-20 20:15 - 00380416 _____ () C:\Users\Johannes\Downloads\qyrzqhm0.exe
2014-02-20 20:13 - 2014-02-20 20:24 - 00000000 ____D () C:\Users\Johannes\Downloads\FRST-OlderVersion
2014-02-20 20:12 - 2014-02-20 20:15 - 00000478 _____ () C:\Users\Johannes\Downloads\defogger_disable.log
2014-02-20 20:12 - 2014-02-20 20:12 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-02-20 20:11 - 2014-02-20 20:11 - 00050477 _____ () C:\Users\Johannes\Downloads\Defogger.exe
2014-02-20 19:19 - 2014-02-20 19:20 - 00033702 _____ () C:\Users\Johannes\Downloads\Addition.txt
2014-02-20 19:18 - 2014-02-20 20:14 - 00054815 _____ () C:\Users\Johannes\Downloads\FRST.txt
2014-02-20 19:18 - 2014-02-20 20:14 - 00000000 ____D () C:\FRST
2014-02-20 19:17 - 2014-02-20 20:13 - 02153984 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2014-02-19 21:00 - 2014-02-19 21:00 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Skype
2014-02-19 20:59 - 2014-02-20 18:47 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Skype
2014-02-19 20:59 - 2014-02-19 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 20:59 - 2014-02-19 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 17:42 - 2014-02-18 17:42 - 00001193 _____ () C:\Users\Public\Desktop\Wörterbuch.lnk
2014-02-18 17:41 - 2014-02-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-02-18 17:41 - 2014-02-18 17:41 - 00000000 _____ () C:\WINDOWS\SysWOW64\temp.log
2014-02-16 09:24 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 09:24 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 09:24 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 09:24 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 09:24 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 09:24 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 09:24 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 09:24 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 09:24 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 09:24 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 09:24 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 09:24 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 09:24 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 09:24 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 09:24 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 09:24 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 09:24 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-16 09:24 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-16 09:24 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-16 09:24 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 09:24 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 09:24 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-16 09:24 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-16 09:24 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 09:24 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-16 09:24 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 09:24 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 09:24 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 09:24 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 09:24 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 09:24 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 09:24 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 09:24 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 09:24 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 09:24 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 09:24 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 09:24 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 09:24 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 09:24 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 09:24 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 09:24 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 09:24 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 09:24 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 09:24 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 09:24 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 09:24 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 09:24 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-16 09:24 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-16 09:24 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 09:24 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 09:24 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 09:24 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 09:24 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-16 09:24 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 09:24 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-14 20:58 - 2014-02-14 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 13:50 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 13:50 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 13:50 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 13:50 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 13:50 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 13:50 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 13:50 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 13:50 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 13:49 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 13:49 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 13:49 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 13:49 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 13:49 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 13:49 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 13:49 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 13:49 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 13:49 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 13:49 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 13:49 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 13:49 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 13:49 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 13:49 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 13:49 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 13:49 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 13:49 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 13:49 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 13:49 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 13:49 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 13:49 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 13:49 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 13:49 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 13:49 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 13:49 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 13:49 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 13:49 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 13:49 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 13:49 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 13:49 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 13:49 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 13:49 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 13:49 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 13:49 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 13:49 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 13:49 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 13:49 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 13:48 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 13:48 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 13:48 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 13:48 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 13:48 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 13:48 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 13:48 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 13:48 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 13:48 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 13:48 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-12 13:48 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 13:48 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 13:48 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 13:48 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 13:48 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 13:48 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 13:48 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 13:48 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 13:48 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 13:48 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 13:48 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 13:48 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 13:48 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 13:48 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 13:48 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 13:48 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-04 21:02 - 2014-02-04 21:22 - 425189255 _____ () C:\Users\Johannes\Downloads\openarena-0.8.8(1).zip
2014-02-02 21:40 - 2014-02-02 21:40 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\OpenArena
2014-02-01 15:01 - 2014-02-01 15:01 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-01 15:01 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-02-01 15:01 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-02-01 15:01 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-02-01 15:01 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-02-01 13:05 - 2014-02-01 13:09 - 67441073 _____ () C:\Users\Johannes\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls (6).zip
2014-02-01 13:04 - 2014-02-01 13:09 - 148946596 _____ () C:\Users\Johannes\Downloads\Agrarland_Brandenburg_By_T_Fight (2).zip
2014-02-01 13:03 - 2014-02-01 13:08 - 136835664 _____ () C:\Users\Johannes\Downloads\OveriesselV1 (1).zip
2014-02-01 13:03 - 2014-02-01 13:04 - 20931134 _____ () C:\Users\Johannes\Downloads\NewHolland_T7_210 (7).zip
2014-02-01 13:03 - 2014-02-01 13:04 - 12379704 _____ () C:\Users\Johannes\Downloads\M_RolninTA170_M.zip
2014-02-01 13:02 - 2014-02-01 13:08 - 184153897 _____ () C:\Users\Johannes\Downloads\Drensteinfurt (9).zip
2014-01-27 20:57 - 2014-01-28 14:38 - 00011981 _____ () C:\Users\Johannes\Downloads\Unbenannt 1.odt
2014-01-23 16:47 - 2014-01-23 16:47 - 00115968 _____ () C:\Users\Johannes\Downloads\phase-6-backpack-all-2014-01-23.p6a
2014-01-22 14:41 - 2014-01-28 21:55 - 02402889 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(3).exe
2014-01-21 19:14 - 2014-01-28 21:53 - 02402889 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(2).exe
2014-01-21 15:03 - 2014-01-21 15:03 - 02314844 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(1).exe

==================== One Month Modified Files and Folders =======

2014-02-20 20:24 - 2014-02-20 20:13 - 00000000 ____D () C:\Users\Johannes\Downloads\FRST-OlderVersion
2014-02-20 20:24 - 2014-02-20 19:18 - 00000000 ____D () C:\FRST
2014-02-20 20:23 - 2014-02-20 20:23 - 00000703 _____ () C:\Users\Johannes\Downloads\gmer.log
2014-02-20 20:15 - 2014-02-20 20:15 - 00380416 _____ () C:\Users\Johannes\Downloads\qyrzqhm0.exe
2014-02-20 20:15 - 2014-02-20 20:12 - 00000478 _____ () C:\Users\Johannes\Downloads\defogger_disable.log
2014-02-20 20:15 - 2013-05-12 19:33 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 20:14 - 2014-02-20 19:18 - 00054815 _____ () C:\Users\Johannes\Downloads\FRST.txt
2014-02-20 20:13 - 2014-02-20 19:17 - 02153984 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2014-02-20 20:12 - 2014-02-20 20:12 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-02-20 20:12 - 2013-10-26 22:35 - 00000000 ____D () C:\Users\Johannes
2014-02-20 20:11 - 2014-02-20 20:11 - 00050477 _____ () C:\Users\Johannes\Downloads\Defogger.exe
2014-02-20 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-20 19:58 - 2013-10-26 22:28 - 01115665 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-20 19:45 - 2013-11-09 16:45 - 00000336 _____ () C:\WINDOWS\Tasks\MetaCrawler.job
2014-02-20 19:45 - 2013-11-09 16:45 - 00000336 _____ () C:\WINDOWS\Tasks\DigitalSite.job
2014-02-20 19:41 - 2013-03-01 20:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-20 19:20 - 2014-02-20 19:19 - 00033702 _____ () C:\Users\Johannes\Downloads\Addition.txt
2014-02-20 18:59 - 2013-02-28 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229196944-2696586579-1064093783-1002
2014-02-20 18:49 - 2013-10-27 18:17 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61B39000-831A-4799-875A-3AB180EE0999}
2014-02-20 18:49 - 2013-09-30 05:14 - 00920526 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-20 18:49 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-20 18:49 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-20 18:47 - 2014-02-19 20:59 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Skype
2014-02-20 18:47 - 2013-05-12 19:33 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 18:47 - 2013-05-12 19:33 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 18:47 - 2013-02-28 20:11 - 00000000 ____D () C:\Users\Johannes\Documents\Youcam
2014-02-19 21:00 - 2014-02-19 21:00 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Skype
2014-02-19 20:59 - 2014-02-19 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 20:59 - 2014-02-19 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 20:59 - 2012-11-08 21:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-19 20:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-19 20:11 - 2013-05-11 13:47 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Windows Live
2014-02-19 20:10 - 2013-05-11 14:02 - 00000000 ____D () C:\Users\Johannes\Tracing
2014-02-19 20:10 - 2013-03-01 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 20:09 - 2013-02-28 20:08 - 00000000 ___RD () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 20:09 - 2013-02-28 20:08 - 00000000 ___RD () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-19 20:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-19 20:07 - 2013-08-22 15:44 - 00363584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-19 20:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-19 20:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-19 20:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-19 20:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-19 20:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-19 20:05 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-19 20:05 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-19 17:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-18 17:42 - 2014-02-18 17:42 - 00001193 _____ () C:\Users\Public\Desktop\Wörterbuch.lnk
2014-02-18 17:41 - 2014-02-18 17:41 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-02-18 17:41 - 2014-02-18 17:41 - 00000000 _____ () C:\WINDOWS\SysWOW64\temp.log
2014-02-17 16:03 - 2013-03-01 16:40 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\.minecraft
2014-02-16 10:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-16 10:20 - 2013-07-28 12:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 10:17 - 2012-11-08 20:48 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-14 20:58 - 2014-02-14 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 00:45 - 2013-11-09 17:45 - 00000212 _____ () C:\Users\Johannes\AppData\Roaming\WB.CFG
2014-02-11 01:10 - 2013-05-12 19:33 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 01:10 - 2013-05-12 19:33 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 00:45 - 2013-11-09 16:45 - 00002674 _____ () C:\WINDOWS\System32\Tasks\MetaCrawler
2014-02-06 13:16 - 2014-02-12 13:49 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 13:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 13:49 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 13:49 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 13:49 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 13:49 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 13:49 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 13:49 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-12 13:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 13:49 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 13:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 13:49 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 13:49 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 13:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 13:49 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 13:49 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 13:49 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 13:49 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 13:49 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 13:49 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 13:49 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 13:49 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 13:49 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-12 13:49 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 13:49 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 13:49 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 13:49 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 13:49 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 13:49 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 13:49 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 13:49 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 13:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 13:49 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 13:49 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 13:49 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 13:49 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-04 21:41 - 2013-03-01 20:14 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:22 - 2014-02-04 21:02 - 425189255 _____ () C:\Users\Johannes\Downloads\openarena-0.8.8(1).zip
2014-02-02 21:40 - 2014-02-02 21:40 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\OpenArena
2014-02-01 15:01 - 2014-02-01 15:01 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-01 15:01 - 2013-11-06 20:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-01 15:01 - 2013-07-03 22:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-01 13:09 - 2014-02-01 13:05 - 67441073 _____ () C:\Users\Johannes\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls (6).zip
2014-02-01 13:09 - 2014-02-01 13:04 - 148946596 _____ () C:\Users\Johannes\Downloads\Agrarland_Brandenburg_By_T_Fight (2).zip
2014-02-01 13:08 - 2014-02-01 13:03 - 136835664 _____ () C:\Users\Johannes\Downloads\OveriesselV1 (1).zip
2014-02-01 13:08 - 2014-02-01 13:02 - 184153897 _____ () C:\Users\Johannes\Downloads\Drensteinfurt (9).zip
2014-02-01 13:04 - 2014-02-01 13:03 - 20931134 _____ () C:\Users\Johannes\Downloads\NewHolland_T7_210 (7).zip
2014-02-01 13:04 - 2014-02-01 13:03 - 12379704 _____ () C:\Users\Johannes\Downloads\M_RolninTA170_M.zip
2014-01-31 17:23 - 2013-08-22 15:46 - 00336783 _____ () C:\WINDOWS\setupact.log
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 21:55 - 2014-01-22 14:41 - 02402889 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(3).exe
2014-01-28 21:55 - 2014-01-09 13:13 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\.technic
2014-01-28 21:53 - 2014-01-21 19:14 - 02402889 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(2).exe
2014-01-28 14:38 - 2014-01-27 20:57 - 00011981 _____ () C:\Users\Johannes\Downloads\Unbenannt 1.odt
2014-01-23 16:47 - 2014-01-23 16:47 - 00115968 _____ () C:\Users\Johannes\Downloads\phase-6-backpack-all-2014-01-23.p6a
2014-01-22 15:32 - 2013-09-12 17:59 - 00001137 _____ () C:\Users\Public\Desktop\phase-6 desktop.lnk
2014-01-21 19:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-21 15:03 - 2014-01-21 15:03 - 02314844 _____ () C:\Users\Johannes\Downloads\TechnicLauncher(1).exe

Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\APNSetup.exe
C:\Users\Johannes\AppData\Local\Temp\AppLauncher.exe
C:\Users\Johannes\AppData\Local\Temp\BackupSetup.exe
C:\Users\Johannes\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johannes\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-20 18:59

==================== End Of Log ============================

GMER startete erst nach dem dritten Versuch, und bei jedem Start poppte ein Fenster auf

"C:\Windows\System32\config\system

Der Prozess kann nicht auf die Datei zugreifen weil sie von einem anderen Prozess verwendet wird"

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-20 20:23:33
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: qyrzqhm0.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\kfayakob.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable       fffff96000213500 15 bytes [00, F1, 0F, 02, C0, 1E, 70, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16  fffff96000213510 11 bytes [00, 4D, FC, FF, 80, 7C, DF, ...]

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                 unknown MBR code

---- EOF - GMER 2.1 ----

Wir hoffen, daß es nichts schlimmes ist, und würden uns sehr über Beistand freuen!

Popup "Kostenloses Online Backup verfügbar"

Log-Analyse und Auswertung: Popup "Kostenloses Online Backup verfügbar"

Popup "Kostenloses Online Backup verfügbar"

Ähnliche Themen: Popup "Kostenloses Online Backup verfügbar"