
Pests of all kinds and how to combat them: Browser is locked by a virus or Trojan

17.03.2014, 10:57   #1
ShuyaX
 

Today a web page opened on my machine claiming that I had violated copyright law or consumed child pornography. Now I am supposed to pay 100 euros to fix this. I get the following messages:
Access from your browser has been blocked.
All the information on your PC has been seized.
All your files are encrypted.

I can no longer use my browser.
The rest of my computer works normally. I can get at all my files. However, the open browser with that page keeps pushing itself to the foreground.

Spybot and Avira do not detect this as a problem.

What should I do now?

Many thanks in advance.

17.03.2014, 11:00   #2
schrauber
/// the machine
/// TB Trainer
 


Hi,

Kill the browser via Task Manager.

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


17.03.2014, 11:15   #3
ShuyaX
 

I have now closed the browser with Task Manager and since then it has not caused any more problems. So everything is OK. THX for everything. If I have any more problems I will get back to you.
Many thanks.

18.03.2014, 10:31   #4
schrauber
/// the machine
/// TB Trainer
 


We should definitely take a closer look.

Regards,
schrauber


18.03.2014, 10:50   #5
ShuyaX
 

So, here are the files.
Maybe this will help you.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Shuya_000 (administrator) on COMMANDCENTRAL on 18-03-2014 10:42:56
Running from C:\Users\Shuya_000\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Shuya_000\AppData\Roaming\Spotify\spotify.exe
(Dropbox, Inc.) C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\ProgramData\dlprotect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-08-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-02-05] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spotify] - C:\Users\Shuya_000\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-28] (Spotify Ltd)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\MountPoints2: {5c114686-8a75-11e2-be72-806e6f6e6963} - "E:\Starter.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}
SearchScopes: HKLM-x32 - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default
FF user.js: detected! => C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\user.js
FF NewTab: chrome://lightning/content/newtab.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Feven 1.5 - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com [2013-12-19]
FF Extension: Lightning Speed Dial - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\lightningnewtab@gmail.com [2014-02-15]
FF Extension: NetVideoHunter - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\netvideohunter@netvideohunter.com [2013-12-03]
FF Extension: BitTorrent TorqueChrome Plugin - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\TorqueChrome@bittorrenttorque.com [2013-08-19]
FF Extension: Foxtab Speed Dial - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} [2013-11-06]
FF Extension: Extension_Protected - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-04]
FF Extension: BitTorrent Surf (Beta) - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\surf-bare@bittorrent.com.xpi [2013-08-19]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\extensions\lightningnewtab@gmail.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{FB096B75-2C65-4614-8442-C5701C5B55DF}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322288&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F5CBD0E-ABFA-4BC7-ABB1-054C1773F46C&SSPV=
CHR Extension: (Google Docs) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google-Suche) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Download Protect) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpphcdbjjifamflnbfeplcdahmfoklm [2014-02-18]
CHR Extension: (Google Mail) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe -service [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [277648 2012-09-19] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-06] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-19] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 10:42 - 2014-03-18 10:43 - 00026219 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-18 10:42 - 2014-03-18 10:42 - 00000000 ____D () C:\FRST
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-17 09:31 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140317-093150.backup
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-13 07:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 07:48 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 07:48 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 07:48 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 07:48 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 07:48 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 07:48 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 07:48 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 07:48 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 07:48 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 07:48 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 07:48 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 07:48 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 07:48 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 07:48 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 07:48 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 07:48 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 07:48 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 07:48 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 07:48 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 07:48 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 07:48 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 07:47 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 07:47 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 07:47 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 07:47 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 07:47 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 07:47 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 07:47 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 07:47 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 07:47 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 07:47 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 07:47 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 07:47 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 07:47 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 07:47 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 07:47 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 21:12 - 00000000 ____D () C:\ProgramData\Trymedia
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-14 20:08 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:48 - 2014-03-14 20:08 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:54 - 2014-03-17 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:49 - 2007-05-25 14:57 - 00061440 _____ () C:\WINDOWS\SysWOW64\CIUtils.dll
2014-03-05 11:47 - 2014-03-05 11:55 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:46 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-02-28 06:39 - 2014-03-18 09:52 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-02-28 06:39 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-19 09:08 - 2014-02-19 09:43 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:42 - 2014-02-19 08:58 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:23 - 2014-02-19 08:41 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 18:00 - 2014-02-18 22:42 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:23 - 2014-02-18 16:40 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 11:28 - 2014-02-18 16:05 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 06:10 - 2014-02-18 08:00 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv
2014-02-17 08:23 - 2014-02-17 08:23 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 08:23 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-02-17 08:23 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2014-02-17 08:23 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-02-17 08:05 - 2014-02-17 08:05 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-17 08:02 - 2014-02-17 08:02 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\TuneUp Software
2014-02-17 08:01 - 2014-02-18 12:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-17 08:01 - 2014-02-17 08:01 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 08:00 - 2014-02-17 08:01 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Nero
2014-02-17 07:59 - 2014-02-17 07:59 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\OpenCandy
2014-02-17 07:49 - 2014-02-18 07:11 - 00000000 ____D () C:\ProgramData\Nero
2014-02-17 07:43 - 2014-02-17 07:45 - 82702176 _____ (Nero AG) C:\Users\Shuya_000\Downloads\Nero_BurningROM2014-15.0.04200_trial.exe
2014-02-17 07:09 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-070950.backup
2014-02-17 07:09 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-070915.backup
2014-02-16 20:44 - 2014-03-18 09:49 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 20:44 - 2014-03-17 20:49 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 20:44 - 2014-02-16 20:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 20:44 - 2014-02-16 20:44 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 20:44 - 2014-02-16 20:44 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 20:43 - 2014-02-16 20:44 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Deployment
2014-02-16 20:43 - 2014-02-16 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Apps\2.0
2014-02-16 07:10 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 07:10 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 07:10 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 07:10 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 07:10 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 07:10 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 07:10 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 07:10 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 07:10 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 07:10 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 07:10 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 07:10 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 07:10 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 07:10 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 07:10 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 07:10 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 07:10 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 07:10 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 07:10 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 07:10 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 07:10 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 07:10 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 07:10 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 07:10 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 07:10 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 07:10 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 07:10 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 07:10 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 07:10 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 07:10 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 07:10 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 07:10 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 07:10 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 07:10 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 07:10 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 07:10 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 07:10 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 07:10 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 07:10 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 07:10 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 07:10 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 07:10 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 07:10 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 07:10 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 07:10 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 07:10 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

2014-03-18 10:43 - 2014-03-18 10:42 - 00026219 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-18 10:42 - 2014-03-18 10:42 - 00000000 ____D () C:\FRST
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-18 10:35 - 2014-02-05 08:27 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87AE96E8-9741-4E48-8084-73A45027B149}
2014-03-18 10:12 - 2013-08-09 08:34 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-18 10:11 - 2013-11-19 14:49 - 01623524 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-18 10:08 - 2013-11-06 19:08 - 00000332 _____ () C:\WINDOWS\Tasks\FoxTab.job
2014-03-18 10:07 - 2013-11-06 19:07 - 00000336 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2014-03-18 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-18 09:52 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-03-18 09:49 - 2014-02-16 20:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 07:07 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-03-17 20:49 - 2014-02-16 20:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 11:54 - 2014-03-05 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-17 11:12 - 2013-08-05 18:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\vlc
2014-03-17 08:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-16 18:24 - 2013-08-17 20:49 - 00003200 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForShuya_000
2014-03-16 18:24 - 2013-08-17 20:49 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForShuya_000.job
2014-03-16 01:13 - 2013-07-06 21:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-16 01:13 - 2013-07-06 21:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-15 12:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 12:19 - 2013-07-04 12:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229117270-2468592357-216523851-1001
2014-03-15 11:37 - 2013-11-19 14:58 - 00000000 __RDO () C:\Users\Shuya_000\SkyDrive
2014-03-15 11:36 - 2013-09-13 12:43 - 00000000 ___RD () C:\Users\Shuya_000\Dropbox
2014-03-15 11:36 - 2013-09-13 12:41 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Dropbox
2014-03-15 11:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 11:33 - 2013-08-22 15:44 - 00478872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 11:32 - 2013-09-29 20:04 - 00243226 _____ () C:\WINDOWS\PFRO.log
2014-03-15 11:31 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 11:26 - 2013-11-19 14:29 - 00000000 ____D () C:\Users\Shuya_000
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-14 20:08 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-14 20:08 - 2014-03-08 12:48 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-14 13:48 - 2013-08-05 20:13 - 06104064 ___SH () C:\Users\Shuya_000\Desktop\Thumbs.db
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-12 16:24 - 2013-08-19 20:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\dokumente
2014-03-12 16:24 - 2013-07-26 14:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-11 19:12 - 2013-08-09 08:34 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-10 18:14 - 2013-07-05 19:22 - 00000000 ____D () C:\Users\Shuya_000\Documents\Youcam
2014-03-10 06:34 - 2013-09-30 05:14 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-10 06:34 - 2013-09-30 04:56 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-10 06:34 - 2013-09-30 04:56 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-10 06:32 - 2013-08-22 15:46 - 00300280 _____ () C:\WINDOWS\setupact.log
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 21:12 - 2014-03-08 12:52 - 00000000 ____D () C:\ProgramData\Trymedia
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:49 - 2014-03-05 11:46 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-07 18:34 - 2013-09-13 18:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\bilder
2014-03-05 20:49 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\VirtualStore
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:55 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 13:42 - 2013-03-11 17:30 - 00006911 _____ () C:\WINDOWS\system32\RaCoInst.log
2014-03-02 13:42 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2014-03-01 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-01 19:41 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Packages
2014-03-01 07:05 - 2014-03-13 07:48 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-13 07:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-13 07:47 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-13 07:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-13 07:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-13 07:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-13 07:47 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-13 07:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 07:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 07:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-13 07:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 07:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 07:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 07:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 07:08 - 2013-12-19 07:07 - 00000070 _____ () C:\Users\Shuya_000\AppData\Roaming\WB.CFG
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-20 08:57 - 2013-08-20 20:02 - 00323072 ___SH () C:\Users\Shuya_000\Downloads\Thumbs.db
2014-02-19 09:43 - 2014-02-19 09:08 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:58 - 2014-02-19 08:42 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:41 - 2014-02-19 08:23 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 22:42 - 2014-02-18 18:00 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:40 - 2014-02-18 16:23 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 16:05 - 2014-02-18 11:28 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 12:53 - 2014-02-17 08:01 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-18 08:00 - 2014-02-18 06:10 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv
2014-02-18 07:14 - 2013-03-11 17:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 07:11 - 2014-02-17 07:49 - 00000000 ____D () C:\ProgramData\Nero
2014-02-17 08:52 - 2013-08-05 21:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 08:50 - 2013-07-05 21:10 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-17 08:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Cursors
2014-02-17 08:23 - 2014-02-17 08:23 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 08:05 - 2014-02-17 08:05 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-17 08:02 - 2014-02-17 08:02 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\TuneUp Software
2014-02-17 08:01 - 2014-02-17 08:01 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 08:01 - 2014-02-17 08:00 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Nero
2014-02-17 07:59 - 2014-02-17 07:59 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\OpenCandy
2014-02-17 07:45 - 2014-02-17 07:43 - 82702176 _____ (Nero AG) C:\Users\Shuya_000\Downloads\Nero_BurningROM2014-15.0.04200_trial.exe
2014-02-17 06:58 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 06:58 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 06:52 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 06:52 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 06:52 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-17 06:49 - 2013-08-19 11:48 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Torque
2014-02-16 20:45 - 2014-02-16 20:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 20:44 - 2014-02-16 20:44 - 00004118 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 20:44 - 2014-02-16 20:44 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 20:44 - 2014-02-16 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Deployment
2014-02-16 20:44 - 2013-11-06 19:07 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Google
2014-02-16 20:43 - 2014-02-16 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Apps\2.0
2014-02-16 20:41 - 2014-02-04 20:25 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-16 20:40 - 2014-02-01 13:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-16 20:40 - 2013-12-11 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 20:38 - 2013-09-16 11:23 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Shuya_000\AppData\Local\Temp\avgnt.exe
C:\Users\Shuya_000\AppData\Local\Temp\Extract.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 07:48] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-15 12:14

==================== End Of Log ============================
         
--- --- ---



addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Shuya_000 at 2014-03-18 10:44:30
Running from C:\Users\Shuya_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

1click Fotorahmen (HKLM-x32\...\{EA1641E2-B005-4E24-96A3-43866A4C6935}_is1) (Version:  - Franzis)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled Twist(TM) (HKLM-x32\...\a2b64e6c4a2998d49f0d91cb4984f7e3) (Version:  - Zylom)
BenVista PhotoZoom Internet 5.1 (HKLM-x32\...\PhotoZoom Express 5) (Version: 5.1 - BenVista Ltd.)
calibre (HKLM-x32\...\{AF63A317-D3BD-4147-8398-286E163332DF}) (Version: 0.9.44 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX390 series Benutzerregistrierung (HKLM-x32\...\Canon MX390 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX390 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series) (Version: 1.00 - Canon Inc.)
Canon MX390 series On-screen Manual (HKLM-x32\...\Canon MX390 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cut Out 3.0 (HKLM-x32\...\Cut Out_is1) (Version:  - Franzis.de)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EverQuest II (HKCU\...\SOE-EverQuest II PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Extended Update (HKCU\...\UpdaterEX) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FRANZIS Photo goes Full HD (HKLM-x32\...\{8FF8411B-508A-4C47-A5B5-A9CFC9FCF230}_is1) (Version: Photo goes Full HD - FRANZIS Verlag GmbH)
Free Zip Viewer (HKLM-x32\...\Free Zip Viewer) (Version: 1.0 - Free Zip Viewer)
Gardenscapes 2 Premium Edition (HKLM-x32\...\217189c061ce7414a007e377048c4973) (Version:  - Zylom)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
HDR Projects elements (64-Bit) (HKLM\...\HDR Projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C3E36C3-7615-46B9-B043-6053810E591B}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MT66 Software Update (HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version:  - )
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
One Click Wipe  Basic (HKLM-x32\...\Stepok's One Click Wipe  Basic_is1) (Version:  - Stepok Image Lab.)
Online Games Manager v1.21 (HKLM-x32\...\Online Games Manager) (Version: 1.21.2 - Real Networks, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Miniatur!It 1.0 Professional (HKLM-x32\...\{78B8621A-E451-4a17-929E-887BA59AEB61}_is1) (Version:  - )
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6714 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.29040 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.20.64 - Conduit) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Mirror Mysteries - Forgotten Kingdoms Deluxe (HKLM-x32\...\b3a238b8fa7c5a7ec1a7ad36f4e819fb) (Version:  - Zylom)
Torque (HKCU\...\Torque) (Version: 4.2.5.28819 - BitTorrent Inc.)
VIS (HKLM-x32\...\VIS) (Version:  - ) <==== ATTENTION
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Word Slinger (HKLM-x32\...\8617b280ce3d8581e46e17e0197f18ad) (Version:  - Zylom)
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-08-22 14:25 - 2014-02-05 08:21 - 00450639 ____N C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17BE66A0-B78D-469C-BA8B-3E3741B2FB2B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1B8438CE-D63A-440F-9B3A-4F7A93511B99} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31F0E690-82C0-4C91-91C7-938A4403C6CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-14] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {435BB0BC-9411-4337-A2D0-4D91E123ECF2} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe [2009-11-18] (MedienTeam66)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {640EA647-1936-4C9E-9B8B-C283738007F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {680F4EAC-C2D7-4767-B93E-5D4DD998D861} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744260A3-B032-4F30-8464-96B475197706} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {752042FF-44C0-49C7-A191-4E23D8029E94} - System32\Tasks\FoxTab => C:\Users\Shuya_000\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80C432E6-437C-459E-BDDD-81236FBFA307} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-17] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F5D5455-B560-448C-951C-2C666DC15D39} - System32\Tasks\HPCeeScheduleForShuya_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {947E91AE-2996-4323-95B4-87F06DC0794C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {98546EAE-3DCF-41C9-B6B9-398E0DB5DC2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1DAB06F-D95D-47D6-AEA5-A8B80FEE4522} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-14] (Microsoft Corporation)
Task: {A5EFC48F-1A9C-411A-9B31-00A3F91056E1} - \CreateChoiceProcessTask No Task File
Task: {A9F15426-3D64-4881-A185-76E2AACF5ED5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {AB406DED-4F1F-459D-B20D-6A2F18C91434} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {AC4CB6DD-13E8-48B4-9B6C-656794F7ED76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D6771B32-2492-4CF4-8867-4D2C7A0BE9E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {D7B790D4-8E76-4D70-8508-094EBD6E0596} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC5B5DC3-1624-4F71-8439-7DB31D28885D} - System32\Tasks\UpdaterEX => C:\Users\SHUYA_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E5DD842B-2108-4DAB-902A-FEB73674AB8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF6C5D72-3920-43B1-B613-9531890FD538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {F80502F3-6F13-46CD-B8D8-69AEBF1C67D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F91132A7-27D9-49A7-AF39-43724A4867CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {FD1BDE9F-09D8-4407-88AF-D3CFEDB7C2C9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\SHUYA_~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForShuya_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\SHUYA_~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-07-26 14:10 - 2012-03-28 14:19 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-07-05 21:54 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-05 21:54 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-05 21:54 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-05 08:07 - 2014-02-05 08:07 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00603648 _____ () C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-10-12 16:22 - 2012-10-12 16:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 16:22 - 2012-10-12 16:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 16:22 - 2012-10-12 16:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-19 14:54 - 2013-11-19 14:54 - 00120224 _____ () C:\Users\Shuya_000\AppData\Local\assembly\dl3\667C0GQ9.55B\ZEJH0420.REL\797586a1\00e39356_8da8cd01\HPItunesModule.DLL
2014-02-05 08:52 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-05 08:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-05 08:11 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-05 08:11 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-05 08:11 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-05 08:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-28 06:39 - 2014-02-28 06:39 - 36967424 _____ () C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\libcef.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-11 17:49 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-28 06:39 - 2014-02-28 06:39 - 00887808 _____ () C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-02-28 06:39 - 2014-02-28 06:39 - 00109568 _____ () C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\libegl.dll
2014-02-18 23:00 - 2014-02-18 23:00 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8310d224af54d6cbd9fce767da495350\PSIClient.ni.dll
2013-03-11 17:34 - 2012-06-26 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-16 20:45 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-16 20:45 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-16 20:45 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-16 20:45 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-16 20:45 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-16 20:45 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Shuya_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 10:14:12 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 10:12:26 AM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b18

Startzeit: 01cf428972287e08

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 692c9ecb-ae7d-11e3-be92-d89d67c70dd3

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.6.0.1000_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (03/18/2014 09:49:09 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 09:14:00 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 08:49:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 08:13:49 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 07:49:11 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 07:14:09 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/18/2014 07:11:35 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (03/18/2014 07:11:34 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{2107cdb2-2d5e-46a1-814a-d985283cb1b0} - 0000000000000328,0x0053c010,00000084C7814A20,0,00000084C7812A00,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider


System errors:
=============
Error: (03/18/2014 10:02:05 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/18/2014 07:11:33 AM) (Source: volsnap) (User: )
Description: Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.

Error: (03/17/2014 10:01:10 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/16/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/15/2014 11:33:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wpm Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/15/2014 11:30:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (03/15/2014 11:30:19 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FontCache3.0.0.0 erreicht.

Error: (03/15/2014 11:27:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/14/2014 10:00:02 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/13/2014 10:00:03 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (03/18/2014 10:14:12 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 10:12:26 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.16431b1801cf428972287e084294967295C:\WINDOWS\syswow64\wwahost.exe692c9ecb-ae7d-11e3-be92-d89d67c70dd3Microsoft.SkypeApp_2.6.0.1000_x86__kzf8qxf38zg5cApp

Error: (03/18/2014 09:49:09 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 09:14:00 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 08:49:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 08:13:49 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 07:49:11 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 07:14:09 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 07:11:35 AM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (03/18/2014 07:11:34 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{2107cdb2-2d5e-46a1-814a-d985283cb1b0} - 0000000000000328,0x0053c010,00000084C7814A20,0,00000084C7812A00,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 3983.27 MB
Available physical RAM: 1013.89 MB
Total Pagefile: 11663.27 MB
Available Pagefile: 4613.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:683.45 GB) (Free:412.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.08 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (10134-Foto-Paket) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:108.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 5DF67981)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7329F7B9)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Old 19.03.2014, 08:49   #6
schrauber
/// the machine
/// TB trainer
 




I figured there was still work to do.

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION

Also let Revo remove the leftovers, using the Moderate setting.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents in your next reply.


And a fresh FRST log, please.

Old 19.03.2014, 11:41   #7
ShuyaX
 



How exactly do I do all that??
I really have no clue.

OK, so I didn't manage the removal with Revo. Everything else follows now.
Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 19/03/2014 um 11:28:31
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Shuya_000 - COMMANDCENTRAL
# Gestartet von : C:\Users\Shuya_000\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\WINDOWS\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Shuya_000\AppData\Local\iMesh
Ordner Gelöscht : C:\Users\Shuya_000\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Shuya_000\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
Ordner Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\lightningnewtab@gmail.com
Datei Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
Datei Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\invalidprefs.js
Datei Gelöscht : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\user.js
Datei Gelöscht : C:\WINDOWS\System32\Tasks\DealPlyUpdate
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\WINDOWS\Tasks\FoxTab.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\FoxTab
Datei Gelöscht : C:\WINDOWS\Tasks\UpdaterEX.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.Device
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.file
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Schlüssel Gelöscht : HKLM\SOFTWARE\f2df8bb63de941
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Imesh
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\prefs.js ]

Zeile gelöscht : user_pref("accessibility.lightning.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141bd61e47d6529d5c85b950df37d986");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "d41b2150000000000000f4b7e2c60799");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15988");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.618:56:29");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120524&tt=02102013_ctrl2&tsp=5031");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);

-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [12435 octets] - [19/03/2014 11:27:22]
AdwCleaner[S0].txt - [11614 octets] - [19/03/2014 11:28:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11675 octets] ##########
         




Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.19.02

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Shuya_000 :: COMMANDCENTRAL [Administrator]

19.03.2014 09:07:20
mbam-log-2014-03-19 (09-07-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411602
Laufzeit: 1 Stunde(n), 51 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> 1136 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKLM\SYSTEM\CurrentControlSet\Services\IePluginService (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINSTALL.EXE (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\extensions\lightningnewtab@gmail.com.xpi -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Daten: C:\ProgramData\WPM\wprotectmanager.exe -service -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Awesomehp.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/web/?type=ds&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 7
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Löschen bei Neustart.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 15
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Löschen bei Neustart.
C:\Program Files (x86)\iMesh Applications\iMesh\Uninstall.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\AppData\Roaming\OpenCandy\DA761303AAD14B0686F611DB1E7DBEE9\SearchProtect_p1v1.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\AppData\Roaming\OpenCandy\DA761303AAD14B0686F611DB1E7DBEE9\sp-downloader.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\Downloads\iMeshSetup-r1487-w-bc.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\Downloads\Java.exe (PUP.Optional.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\Downloads\zip.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shuya_000\Local Settings\Temp\FreeZipViewer\PIPAskToolbar\Offercast2802_ADAP_.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsfC739.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nshCB31.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsuAA95.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsy3517.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IePluginService\update\conf (PUP.Optional.IePluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Shuya_000 on 19.03.2014 at 10:43:50,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\discoveryhelper.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\gifanimator.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\imesh.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\imtrprogress.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\imweb.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3229117270-2468592357-216523851-1001\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imweb.imwebcontrol
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{753EB1F7-5C97-4D2F-9F12-A3D56F42F16B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{753EB1F7-5C97-4D2F-9F12-A3D56F42F16B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{753EB1F7-5C97-4D2F-9F12-A3D56F42F16B}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{753EB1F7-5C97-4D2F-9F12-A3D56F42F16B}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\ProgramData\bonanzadealslive"
Failed to delete: [Folder] "C:\ProgramData\dsearchlink"
Failed to delete: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Shuya_000\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Shuya_000\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Shuya_000\appdata\local\bonanzadealslive"
Failed to delete: [Folder] "C:\Program Files (x86)\bonanzadeals"
Failed to delete: [Folder] "C:\Program Files (x86)\bonanzadealslive"
Failed to delete: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2014 at 10:52:29,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
ATTFilter
Shortcut Cleaner 1.2.9 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 
Program started at: 03/19/2014 09:00:51 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Shuya_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391541837&from=adks&uid=HitachiXHTS547575A9E384_J2140020E938NAE938NAX

Searching C:\Users\Public\Desktop\

Searching C:\Users\Shuya_000\Desktop


2 bad shortcuts found.

Program finished at: 03/19/2014 09:00:54 AM
Execution time: 0 hours(s), 0 minute(s), and 3 second(s)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Shuya_000 (administrator) on COMMANDCENTRAL on 19-03-2014 11:38:52
Running from C:\Users\Shuya_000\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Shuya_000\AppData\Roaming\Spotify\spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Spotify Ltd) C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\ProgramData\dlprotect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-08-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-02-05] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spotify] - C:\Users\Shuya_000\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-28] (Spotify Ltd)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spotify Web Helper] - C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-28] (Spotify Ltd)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\MountPoints2: {5c114686-8a75-11e2-be72-806e6f6e6963} - "E:\Starter.exe" 
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default
FF NewTab: chrome://lightning/content/newtab.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF Extension: Feven 1.5 - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com [2013-12-19]
FF Extension: NetVideoHunter - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\netvideohunter@netvideohunter.com [2013-12-03]
FF Extension: BitTorrent TorqueChrome Plugin - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\TorqueChrome@bittorrenttorque.com [2013-08-19]
FF Extension: BitTorrent Surf (Beta) - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\surf-bare@bittorrent.com.xpi [2013-08-19]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FB096B75-2C65-4614-8442-C5701C5B55DF}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322288&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F5CBD0E-ABFA-4BC7-ABB1-054C1773F46C&SSPV=
CHR Extension: (Google Docs) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google-Suche) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Download Protect) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpphcdbjjifamflnbfeplcdahmfoklm [2014-02-18]
CHR Extension: (Google Mail) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [277648 2012-09-19] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-06] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-19] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-19 11:23 - 2014-03-19 11:23 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner (1).exe
2014-03-19 10:52 - 2014-03-19 10:52 - 00004617 _____ () C:\Users\Shuya_000\Desktop\JRT.txt
2014-03-19 10:42 - 2014-03-19 10:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-19 09:05 - 2014-03-19 09:05 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Malwarebytes
2014-03-19 09:00 - 2014-03-19 09:00 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Shuya_000\Downloads\sc-cleaner.exe
2014-03-19 09:00 - 2014-03-19 09:00 - 00002922 _____ () C:\sc-cleaner.txt
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\Documents\My Received Files
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\MusicNet
2014-03-19 08:56 - 2014-03-19 11:29 - 00000000 ____D () C:\AdwCleaner
2014-03-19 08:56 - 2014-03-19 08:56 - 00001280 _____ () C:\Users\Shuya_000\Desktop\Revo Uninstaller.lnk
2014-03-19 08:56 - 2014-03-19 08:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 08:55 - 2014-03-19 08:55 - 01037734 _____ (Thisisu) C:\Users\Shuya_000\Downloads\JRT.exe
2014-03-19 08:55 - 2014-03-19 08:55 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 08:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-19 08:54 - 2014-03-19 08:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shuya_000\Downloads\revosetup95.exe
2014-03-19 08:54 - 2014-03-19 08:54 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner.exe
2014-03-19 08:53 - 2014-03-19 08:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shuya_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-18 11:24 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 11:24 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 11:24 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 11:24 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 11:24 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 11:24 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 11:24 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 11:24 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 11:24 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 11:24 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 11:24 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 11:24 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 11:24 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 11:24 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 11:24 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 11:24 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 11:24 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 11:24 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 11:24 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 11:24 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 11:24 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 11:24 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 11:24 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 11:24 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 11:24 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 11:24 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 11:24 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 11:24 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 11:24 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 11:24 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 11:24 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 11:24 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 11:24 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 11:24 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 11:24 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 11:24 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 11:24 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 11:01 - 2014-03-18 11:01 - 00037894 _____ () C:\Users\Shuya_000\Desktop\most-epic-line-ever_o_2426829.webp
2014-03-18 10:44 - 2014-03-18 10:45 - 00038417 _____ () C:\Users\Shuya_000\Desktop\Addition.txt
2014-03-18 10:42 - 2014-03-19 11:38 - 00021464 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-18 10:42 - 2014-03-19 11:38 - 00000000 ____D () C:\FRST
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-17 09:31 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140317-093150.backup
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-13 07:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 07:48 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 07:48 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 07:48 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 07:48 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 07:48 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 07:48 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 07:48 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 07:48 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 07:48 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 07:48 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 07:48 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 07:48 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 07:48 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 07:48 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 07:48 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 07:48 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 07:48 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 07:48 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 07:48 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 07:48 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 07:48 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 07:47 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 07:47 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 07:47 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 07:47 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 07:47 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 07:47 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 07:47 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 07:47 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 07:47 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 07:47 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 07:47 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 07:47 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 07:47 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 07:47 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 07:47 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-14 20:08 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:48 - 2014-03-14 20:08 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:54 - 2014-03-18 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:49 - 2007-05-25 14:57 - 00061440 _____ () C:\WINDOWS\SysWOW64\CIUtils.dll
2014-03-05 11:47 - 2014-03-05 11:55 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:46 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-02-28 06:39 - 2014-03-19 11:37 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-02-28 06:39 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-19 09:08 - 2014-02-19 09:43 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:42 - 2014-02-19 08:58 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:23 - 2014-02-19 08:41 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 18:00 - 2014-02-18 22:42 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:23 - 2014-02-18 16:40 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 11:28 - 2014-02-18 16:05 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 06:10 - 2014-02-18 08:00 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv
2014-02-17 08:23 - 2014-02-17 08:23 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 08:23 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-02-17 08:23 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2014-02-17 08:23 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-02-17 08:02 - 2014-02-17 08:02 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\TuneUp Software
2014-02-17 08:01 - 2014-02-18 12:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-17 08:01 - 2014-02-17 08:01 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 08:00 - 2014-02-17 08:01 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Nero
2014-02-17 07:49 - 2014-02-18 07:11 - 00000000 ____D () C:\ProgramData\Nero
2014-02-17 07:43 - 2014-02-17 07:45 - 82702176 _____ (Nero AG) C:\Users\Shuya_000\Downloads\Nero_BurningROM2014-15.0.04200_trial.exe
2014-02-17 07:09 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-070950.backup
2014-02-17 07:09 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-070915.backup

==================== One Month Modified Files and Folders =======

2014-03-19 11:39 - 2014-03-18 10:42 - 00021464 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-19 11:38 - 2014-03-18 10:42 - 00000000 ____D () C:\FRST
2014-03-19 11:37 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-03-19 11:36 - 2013-08-17 20:49 - 00003200 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForShuya_000
2014-03-19 11:36 - 2013-08-17 20:49 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForShuya_000.job
2014-03-19 11:36 - 2013-07-04 12:49 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229117270-2468592357-216523851-1001
2014-03-19 11:34 - 2013-11-19 14:58 - 00000000 __RDO () C:\Users\Shuya_000\SkyDrive
2014-03-19 11:33 - 2013-09-13 12:43 - 00000000 ___RD () C:\Users\Shuya_000\Dropbox
2014-03-19 11:33 - 2013-09-13 12:41 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Dropbox
2014-03-19 11:31 - 2014-02-16 20:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 11:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-19 11:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-19 11:29 - 2014-03-19 08:56 - 00000000 ____D () C:\AdwCleaner
2014-03-19 11:29 - 2013-11-19 14:49 - 01779900 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-19 11:23 - 2014-03-19 11:23 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner (1).exe
2014-03-19 11:15 - 2014-02-05 08:27 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87AE96E8-9741-4E48-8084-73A45027B149}
2014-03-19 11:12 - 2013-08-09 08:34 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-19 11:12 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 11:12 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 11:11 - 2013-09-29 20:04 - 00248060 _____ () C:\WINDOWS\PFRO.log
2014-03-19 11:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-19 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-19 10:53 - 2014-02-16 20:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 10:52 - 2014-03-19 10:52 - 00004617 _____ () C:\Users\Shuya_000\Desktop\JRT.txt
2014-03-19 10:42 - 2014-03-19 10:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-19 10:41 - 2013-08-05 18:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\vlc
2014-03-19 09:05 - 2014-03-19 09:05 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Malwarebytes
2014-03-19 09:00 - 2014-03-19 09:00 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Shuya_000\Downloads\sc-cleaner.exe
2014-03-19 09:00 - 2014-03-19 09:00 - 00002922 _____ () C:\sc-cleaner.txt
2014-03-19 09:00 - 2013-11-19 14:53 - 00001450 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\Documents\My Received Files
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\MusicNet
2014-03-19 08:56 - 2014-03-19 08:56 - 00001280 _____ () C:\Users\Shuya_000\Desktop\Revo Uninstaller.lnk
2014-03-19 08:56 - 2014-03-19 08:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 08:55 - 2014-03-19 08:55 - 01037734 _____ (Thisisu) C:\Users\Shuya_000\Downloads\JRT.exe
2014-03-19 08:55 - 2014-03-19 08:55 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 08:54 - 2014-03-19 08:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shuya_000\Downloads\revosetup95.exe
2014-03-19 08:54 - 2014-03-19 08:54 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner.exe
2014-03-19 08:53 - 2014-03-19 08:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shuya_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-18 18:41 - 2013-08-05 20:13 - 06141440 ___SH () C:\Users\Shuya_000\Desktop\Thumbs.db
2014-03-18 12:08 - 2013-08-05 21:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 12:05 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 12:05 - 2013-07-05 21:10 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 11:54 - 2014-03-05 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-18 11:01 - 2014-03-18 11:01 - 00037894 _____ () C:\Users\Shuya_000\Desktop\most-epic-line-ever_o_2426829.webp
2014-03-18 10:45 - 2014-03-18 10:44 - 00038417 _____ () C:\Users\Shuya_000\Desktop\Addition.txt
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-18 07:07 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-03-17 08:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-16 01:13 - 2013-07-06 21:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-16 01:13 - 2013-07-06 21:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-15 12:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-15 11:33 - 2013-08-22 15:44 - 00478872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 11:26 - 2013-11-19 14:29 - 00000000 ____D () C:\Users\Shuya_000
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-14 20:08 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-14 20:08 - 2014-03-08 12:48 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-12 16:24 - 2013-08-19 20:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\dokumente
2014-03-12 16:24 - 2013-07-26 14:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-11 19:12 - 2013-08-09 08:34 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-10 18:14 - 2013-07-05 19:22 - 00000000 ____D () C:\Users\Shuya_000\Documents\Youcam
2014-03-10 06:34 - 2013-09-30 05:14 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-10 06:34 - 2013-09-30 04:56 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-10 06:34 - 2013-09-30 04:56 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-10 06:32 - 2013-08-22 15:46 - 00300280 _____ () C:\WINDOWS\setupact.log
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:49 - 2014-03-05 11:46 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-07 18:34 - 2013-09-13 18:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\bilder
2014-03-05 20:49 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\VirtualStore
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:55 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 13:42 - 2013-03-11 17:30 - 00006911 _____ () C:\WINDOWS\system32\RaCoInst.log
2014-03-02 13:42 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2014-03-01 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-01 19:41 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Packages
2014-03-01 07:05 - 2014-03-13 07:48 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-13 07:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-13 07:47 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-13 07:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-13 07:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-13 07:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-13 07:47 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-13 07:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 07:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 07:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-13 07:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 07:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 07:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 07:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 07:08 - 2013-12-19 07:07 - 00000070 _____ () C:\Users\Shuya_000\AppData\Roaming\WB.CFG
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-20 08:57 - 2013-08-20 20:02 - 00323072 ___SH () C:\Users\Shuya_000\Downloads\Thumbs.db
2014-02-19 09:43 - 2014-02-19 09:08 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:58 - 2014-02-19 08:42 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:41 - 2014-02-19 08:23 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 22:42 - 2014-02-18 18:00 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:40 - 2014-02-18 16:23 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 16:05 - 2014-02-18 11:28 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 12:53 - 2014-02-17 08:01 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-18 08:00 - 2014-02-18 06:10 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv
2014-02-18 07:14 - 2013-03-11 17:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 07:11 - 2014-02-17 07:49 - 00000000 ____D () C:\ProgramData\Nero
2014-02-17 08:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Cursors
2014-02-17 08:23 - 2014-02-17 08:23 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 08:02 - 2014-02-17 08:02 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\TuneUp Software
2014-02-17 08:01 - 2014-02-17 08:01 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 08:01 - 2014-02-17 08:00 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Nero
2014-02-17 07:45 - 2014-02-17 07:43 - 82702176 _____ (Nero AG) C:\Users\Shuya_000\Downloads\Nero_BurningROM2014-15.0.04200_trial.exe
2014-02-17 06:52 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 06:52 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-17 06:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-17 06:49 - 2013-08-19 11:48 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Torque

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Shuya_000\AppData\Local\Temp\avgnt.exe
C:\Users\Shuya_000\AppData\Local\Temp\Extract.exe
C:\Users\Shuya_000\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 07:48] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-18 11:37

==================== End Of Log ============================
         
Alt 20.03.2014, 09:46   #8
schrauber
/// the machine
/// TB trainer
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to your desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 21.03.2014, 07:28   #9
ShuyaX
 
So, here are the new files.
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=53938c45ea927841abbbbfa92c63fd10
# engine=17525
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-20 10:59:21
# local_time=2014-03-20 11:59:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 94 14961 8731323 7690 0
# compatibility_mode=5893 16776574 100 94 433847 12629458 0 0
# scanned=200473
# found=0
# cleaned=0
# scan_time=7370
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 	12.0.0.77  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Online Games Manager ogmservice.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Shuya_000 (administrator) on COMMANDCENTRAL on 20-03-2014 13:18:21
Running from C:\Users\Shuya_000\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Shuya_000\AppData\Roaming\Spotify\spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Spotify Ltd) C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\ProgramData\dlprotect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\WINDOWS\syswow64\wwahost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
(Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-08-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-02-05] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Shuya_000\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spotify] - C:\Users\Shuya_000\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-02-28] (Spotify Ltd)
HKU\S-1-5-21-3229117270-2468592357-216523851-1001\...\Run: [Spotify Web Helper] - C:\Users\Shuya_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-28] (Spotify Ltd)
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shuya_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {753EB1F7-5C97-4D2F-9F12-A3D56F42F16B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default
FF NewTab: chrome://lightning/content/newtab.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF Extension: Feven 1.5 - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com [2013-12-19]
FF Extension: NetVideoHunter - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\netvideohunter@netvideohunter.com [2013-12-03]
FF Extension: BitTorrent TorqueChrome Plugin - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\TorqueChrome@bittorrenttorque.com [2013-08-19]
FF Extension: BitTorrent Surf (Beta) - C:\Users\Shuya_000\AppData\Roaming\Mozilla\Firefox\Profiles\2sa1vj4d.default\Extensions\surf-bare@bittorrent.com.xpi [2013-08-19]
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{FB096B75-2C65-4614-8442-C5701C5B55DF}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF}
FF Extension: Download Protect - C:\Program Files (x86)\Mozilla Firefox\extensions\{FB096B75-2C65-4614-8442-C5701C5B55DF} [2014-02-09]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322288&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F5CBD0E-ABFA-4BC7-ABB1-054C1773F46C&SSPV=
CHR Extension: (Google Docs) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google-Suche) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Wallet) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Download Protect) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpphcdbjjifamflnbfeplcdahmfoklm [2014-02-18]
CHR Extension: (Google Mail) - C:\Users\Shuya_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [277648 2012-09-19] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-06] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-19] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 12:50 - 2014-03-20 12:50 - 00987442 _____ () C:\Users\Shuya_000\Desktop\SecurityCheck.exe
2014-03-20 09:52 - 2014-03-20 09:52 - 02347384 _____ (ESET) C:\Users\Shuya_000\Downloads\esetsmartinstaller_enu.exe
2014-03-20 07:15 - 2014-03-20 07:15 - 279703552 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E03 - Zazzy Substitution (HD 720p).mkv.crdownload
2014-03-20 07:15 - 2014-03-20 07:15 - 279576576 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E04 - Hot Troll Deviation (HD 720p).mkv.crdownload
2014-03-20 07:14 - 2014-03-20 12:34 - 280350720 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E02 - The Cruciferous Vegetable Amplification.mkv.crdownload
2014-03-20 07:14 - 2014-03-20 07:14 - 280948736 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E01 - The Robotic Manupulation.mkv.crdownload
2014-03-19 18:08 - 2014-03-19 18:08 - 00011812 _____ () C:\Users\Shuya_000\Desktop\AdwCleaner[S0].txt
2014-03-19 11:23 - 2014-03-19 11:23 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner (1).exe
2014-03-19 10:52 - 2014-03-19 10:52 - 00004617 _____ () C:\Users\Shuya_000\Desktop\JRT.txt
2014-03-19 10:42 - 2014-03-19 10:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-19 09:05 - 2014-03-19 09:05 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Malwarebytes
2014-03-19 09:00 - 2014-03-19 09:00 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Shuya_000\Downloads\sc-cleaner.exe
2014-03-19 09:00 - 2014-03-19 09:00 - 00002922 _____ () C:\sc-cleaner.txt
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\Documents\My Received Files
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\MusicNet
2014-03-19 08:56 - 2014-03-19 11:29 - 00000000 ____D () C:\AdwCleaner
2014-03-19 08:56 - 2014-03-19 08:56 - 00001280 _____ () C:\Users\Shuya_000\Desktop\Revo Uninstaller.lnk
2014-03-19 08:56 - 2014-03-19 08:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 08:55 - 2014-03-19 08:55 - 01037734 _____ (Thisisu) C:\Users\Shuya_000\Downloads\JRT.exe
2014-03-19 08:55 - 2014-03-19 08:55 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 08:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-19 08:54 - 2014-03-19 08:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shuya_000\Downloads\revosetup95.exe
2014-03-19 08:54 - 2014-03-19 08:54 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner.exe
2014-03-19 08:53 - 2014-03-19 08:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shuya_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-18 11:24 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 11:24 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 11:24 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 11:24 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 11:24 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 11:24 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 11:24 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 11:24 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 11:24 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 11:24 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 11:24 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 11:24 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 11:24 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 11:24 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 11:24 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 11:24 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 11:24 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 11:24 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 11:24 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 11:24 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 11:24 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 11:24 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 11:24 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 11:24 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 11:24 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 11:24 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 11:24 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 11:24 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 11:24 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 11:24 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 11:24 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 11:24 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 11:24 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 11:24 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 11:24 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 11:24 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 11:24 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 11:01 - 2014-03-18 11:01 - 00037894 _____ () C:\Users\Shuya_000\Desktop\most-epic-line-ever_o_2426829.webp
2014-03-18 10:44 - 2014-03-18 10:45 - 00038417 _____ () C:\Users\Shuya_000\Desktop\Addition.txt
2014-03-18 10:42 - 2014-03-20 13:18 - 00021861 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-18 10:42 - 2014-03-20 13:18 - 00000000 ____D () C:\FRST
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-17 09:31 - 2014-02-05 08:21 - 00450639 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140317-093150.backup
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-13 07:48 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 07:48 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 07:48 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 07:48 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 07:48 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 07:48 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 07:48 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 07:48 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 07:48 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 07:48 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 07:48 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 07:48 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 07:48 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 07:48 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 07:48 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 07:48 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 07:48 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 07:48 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 07:48 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 07:48 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 07:48 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 07:48 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 07:48 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 07:48 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 07:48 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 07:48 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 07:48 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 07:48 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 07:48 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 07:47 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 07:47 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 07:47 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 07:47 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 07:47 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 07:47 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 07:47 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 07:47 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 07:47 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 07:47 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 07:47 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 07:47 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 07:47 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 07:47 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 07:47 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 07:47 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 07:47 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 07:47 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-14 20:08 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:48 - 2014-03-14 20:08 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:54 - 2014-03-20 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:49 - 2007-05-25 14:57 - 00061440 _____ () C:\WINDOWS\SysWOW64\CIUtils.dll
2014-03-05 11:47 - 2014-03-05 11:55 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:46 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-02-28 06:39 - 2014-03-20 11:36 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-02-28 06:39 - 2014-03-18 07:07 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-19 09:08 - 2014-02-19 09:43 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:42 - 2014-02-19 08:58 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:23 - 2014-02-19 08:41 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 18:00 - 2014-02-18 22:42 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:23 - 2014-02-18 16:40 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 11:28 - 2014-02-18 16:05 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 06:10 - 2014-02-18 08:00 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv

==================== One Month Modified Files and Folders =======

2014-03-20 13:19 - 2014-03-20 07:14 - 280350720 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E02 - The Cruciferous Vegetable Amplification.mkv.crdownload
2014-03-20 13:19 - 2014-03-18 10:42 - 00021861 _____ () C:\Users\Shuya_000\Desktop\FRST.txt
2014-03-20 13:18 - 2014-03-18 10:42 - 00000000 ____D () C:\FRST
2014-03-20 13:12 - 2013-08-09 08:34 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-20 13:06 - 2014-02-05 08:27 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87AE96E8-9741-4E48-8084-73A45027B149}
2014-03-20 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-20 12:55 - 2013-11-19 14:49 - 01929798 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-20 12:50 - 2014-03-20 12:50 - 00987442 _____ () C:\Users\Shuya_000\Desktop\SecurityCheck.exe
2014-03-20 12:49 - 2014-02-16 20:44 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 12:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-20 12:34 - 2013-07-04 12:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229117270-2468592357-216523851-1001
2014-03-20 11:54 - 2014-03-05 11:54 - 00000352 _____ () C:\WINDOWS\Tasks\MT66 Software Update.job
2014-03-20 11:36 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Spotify
2014-03-20 09:52 - 2014-03-20 09:52 - 02347384 _____ (ESET) C:\Users\Shuya_000\Downloads\esetsmartinstaller_enu.exe
2014-03-20 07:57 - 2013-08-05 18:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\vlc
2014-03-20 07:34 - 2013-09-30 05:14 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-20 07:34 - 2013-09-30 04:56 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-20 07:34 - 2013-09-30 04:56 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-20 07:22 - 2013-08-22 15:46 - 00301075 _____ () C:\WINDOWS\setupact.log
2014-03-20 07:15 - 2014-03-20 07:15 - 279703552 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E03 - Zazzy Substitution (HD 720p).mkv.crdownload
2014-03-20 07:15 - 2014-03-20 07:15 - 279576576 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E04 - Hot Troll Deviation (HD 720p).mkv.crdownload
2014-03-20 07:14 - 2014-03-20 07:14 - 280948736 _____ () C:\Users\Shuya_000\Downloads\The Big Bang Theory - S04E01 - The Robotic Manupulation.mkv.crdownload
2014-03-20 07:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-19 20:49 - 2014-02-16 20:44 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 18:08 - 2014-03-19 18:08 - 00011812 _____ () C:\Users\Shuya_000\Desktop\AdwCleaner[S0].txt
2014-03-19 11:55 - 2013-07-05 21:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 11:36 - 2013-08-17 20:49 - 00003200 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForShuya_000
2014-03-19 11:36 - 2013-08-17 20:49 - 00000378 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForShuya_000.job
2014-03-19 11:34 - 2013-11-19 14:58 - 00000000 __RDO () C:\Users\Shuya_000\SkyDrive
2014-03-19 11:33 - 2013-09-13 12:43 - 00000000 ___RD () C:\Users\Shuya_000\Dropbox
2014-03-19 11:33 - 2013-09-13 12:41 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Dropbox
2014-03-19 11:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-19 11:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-19 11:29 - 2014-03-19 08:56 - 00000000 ____D () C:\AdwCleaner
2014-03-19 11:23 - 2014-03-19 11:23 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner (1).exe
2014-03-19 11:12 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 11:12 - 2013-07-04 12:43 - 00000000 ___RD () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 11:11 - 2013-09-29 20:04 - 00248060 _____ () C:\WINDOWS\PFRO.log
2014-03-19 11:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-19 10:52 - 2014-03-19 10:52 - 00004617 _____ () C:\Users\Shuya_000\Desktop\JRT.txt
2014-03-19 10:42 - 2014-03-19 10:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-19 09:05 - 2014-03-19 09:05 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Malwarebytes
2014-03-19 09:00 - 2014-03-19 09:00 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Shuya_000\Downloads\sc-cleaner.exe
2014-03-19 09:00 - 2014-03-19 09:00 - 00002922 _____ () C:\sc-cleaner.txt
2014-03-19 09:00 - 2013-11-19 14:53 - 00001450 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\Documents\My Received Files
2014-03-19 08:57 - 2014-03-19 08:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\MusicNet
2014-03-19 08:56 - 2014-03-19 08:56 - 00001280 _____ () C:\Users\Shuya_000\Desktop\Revo Uninstaller.lnk
2014-03-19 08:56 - 2014-03-19 08:56 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-19 08:55 - 2014-03-19 08:55 - 01037734 _____ (Thisisu) C:\Users\Shuya_000\Downloads\JRT.exe
2014-03-19 08:55 - 2014-03-19 08:55 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 08:55 - 2014-03-19 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 08:54 - 2014-03-19 08:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Shuya_000\Downloads\revosetup95.exe
2014-03-19 08:54 - 2014-03-19 08:54 - 01950720 _____ () C:\Users\Shuya_000\Downloads\adwcleaner.exe
2014-03-19 08:53 - 2014-03-19 08:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Shuya_000\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-18 18:41 - 2013-08-05 20:13 - 06141440 ___SH () C:\Users\Shuya_000\Desktop\Thumbs.db
2014-03-18 12:08 - 2013-08-05 21:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 12:05 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 12:05 - 2013-07-05 21:10 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 11:01 - 2014-03-18 11:01 - 00037894 _____ () C:\Users\Shuya_000\Desktop\most-epic-line-ever_o_2426829.webp
2014-03-18 10:45 - 2014-03-18 10:44 - 00038417 _____ () C:\Users\Shuya_000\Desktop\Addition.txt
2014-03-18 10:40 - 2014-03-18 10:40 - 02157056 _____ (Farbar) C:\Users\Shuya_000\Desktop\FRST64.exe
2014-03-18 07:07 - 2014-02-28 06:39 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Spotify
2014-03-16 01:13 - 2013-07-06 21:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-16 01:13 - 2013-07-06 21:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-15 11:33 - 2013-08-22 15:44 - 00478872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 11:26 - 2013-11-19 14:29 - 00000000 ____D () C:\Users\Shuya_000
2014-03-14 20:09 - 2014-03-14 20:09 - 00000949 _____ () C:\Users\Shuya_000\Desktop\Bejeweled Twist(TM).lnk
2014-03-14 20:09 - 2014-03-14 20:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-03-14 20:08 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Zylom Games
2014-03-14 20:08 - 2014-03-08 12:48 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-03-12 20:43 - 2014-03-12 20:43 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\Gogii Games
2014-03-12 20:41 - 2014-03-12 20:41 - 00001237 _____ () C:\Users\Shuya_000\Desktop\The Mirror Mysteries - Forgotten Kingdoms Deluxe.lnk
2014-03-12 16:24 - 2013-08-19 20:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\dokumente
2014-03-12 16:24 - 2013-07-26 14:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-11 19:12 - 2013-08-09 08:34 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-10 18:57 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\YoudaGames
2014-03-10 18:14 - 2013-07-05 19:22 - 00000000 ____D () C:\Users\Shuya_000\Documents\Youcam
2014-03-09 07:05 - 2014-03-09 07:05 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-03-09 07:03 - 2014-03-09 07:03 - 00001011 _____ () C:\Users\Shuya_000\Desktop\Gardenscapes 2 Premium Edition.lnk
2014-03-08 21:20 - 2014-03-08 21:20 - 00000885 _____ () C:\Users\Shuya_000\Desktop\Word Slinger.lnk
2014-03-08 12:54 - 2014-03-08 12:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\AlawarEntertainment
2014-03-08 12:52 - 2014-03-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Online Games Manager
2014-03-08 12:49 - 2014-03-08 12:49 - 00000138 _____ () C:\Users\Shuya_000\Desktop\Zylom.url
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Neuer Ordner
2014-03-08 12:49 - 2014-03-08 12:49 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\WinRAR
2014-03-08 12:49 - 2014-03-05 11:46 - 00000000 ____D () C:\Users\Shuya_000\Desktop\Photos
2014-03-07 18:34 - 2013-09-13 18:02 - 00000000 ____D () C:\Users\Shuya_000\Desktop\bilder
2014-03-05 20:49 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\VirtualStore
2014-03-05 11:55 - 2014-03-05 11:55 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\concept design
2014-03-05 11:55 - 2014-03-05 11:47 - 00000000 ____D () C:\Program Files (x86)\Franzis
2014-03-05 11:54 - 2014-03-05 11:54 - 00002946 _____ () C:\WINDOWS\System32\Tasks\MT66 Software Update
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Shuya_000\AppData\Roaming\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\ProgramData\PearlMountain
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\MedienTeam66
2014-03-05 11:54 - 2014-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\CollageIt
2014-03-05 11:52 - 2014-03-05 11:52 - 00000000 ____D () C:\Program Files\PhotoZoom Internet 5
2014-03-05 11:43 - 2014-03-05 11:43 - 00000000 ____D () C:\Program Files\Franzis
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 13:42 - 2013-03-11 17:30 - 00006911 _____ () C:\WINDOWS\system32\RaCoInst.log
2014-03-02 13:42 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup
2014-03-01 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-01 19:41 - 2013-07-04 12:40 - 00000000 ____D () C:\Users\Shuya_000\AppData\Local\Packages
2014-03-01 07:05 - 2014-03-13 07:48 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-13 07:47 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-13 07:47 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-13 07:47 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-13 07:47 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-13 07:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-13 07:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-13 07:47 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-13 07:47 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 07:47 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 07:47 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-13 07:47 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 07:47 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 07:47 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 07:47 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 07:47 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-28 07:08 - 2013-12-19 07:07 - 00000070 _____ () C:\Users\Shuya_000\AppData\Roaming\WB.CFG
2014-02-28 06:39 - 2014-02-28 06:39 - 00127080 _____ (Spotify Ltd) C:\Users\Shuya_000\Downloads\SpotifySetup.exe
2014-02-28 06:39 - 2014-02-28 06:39 - 00001877 _____ () C:\Users\Shuya_000\Desktop\Spotify.lnk
2014-02-28 06:39 - 2014-02-28 06:39 - 00001863 _____ () C:\Users\Shuya_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-20 08:57 - 2013-08-20 20:02 - 00323072 ___SH () C:\Users\Shuya_000\Downloads\Thumbs.db
2014-02-19 09:43 - 2014-02-19 09:08 - 1561413632 _____ () C:\Users\Shuya_000\Downloads\Blood - The Last Vampire (DVD-Rip).avi
2014-02-19 08:58 - 2014-02-19 08:42 - 733968384 _____ () C:\Users\Shuya_000\Downloads\Haywire (2012) (BDRip LineDubbed).avi
2014-02-19 08:41 - 2014-02-19 08:23 - 733024256 _____ () C:\Users\Shuya_000\Downloads\Ein Riskanter Plan (2012) (DVD-Rip LineDubbed).avi
2014-02-18 22:42 - 2014-02-18 18:00 - 4246568478 _____ () C:\Users\Shuya_000\Downloads\Die Purpurnen Fluesse 2 - Die Engel der Apokalypse (2004) (Full-HD 1080p DTS).mkv
2014-02-18 16:40 - 2014-02-18 16:23 - 732450816 _____ () C:\Users\Shuya_000\Downloads\Minis first time.avi
2014-02-18 16:05 - 2014-02-18 11:28 - 904038086 _____ () C:\Users\Shuya_000\Downloads\Die purpurnen Fluesse (2000) (Full-HD 1080p DTS).mkv
2014-02-18 12:53 - 2014-02-17 08:01 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-18 08:00 - 2014-02-18 06:10 - 666303764 _____ () C:\Users\Shuya_000\Downloads\Ghost Rider 2 (2012) - Spirit of Vengeance (HD 720p AC3-Dubbed) (1).mkv
2014-02-18 07:14 - 2013-03-11 17:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-18 07:13 - 2014-02-18 07:13 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-02-18 07:11 - 2014-02-17 07:49 - 00000000 ____D () C:\ProgramData\Nero

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Shuya_000\AppData\Local\Temp\avgnt.exe
C:\Users\Shuya_000\AppData\Local\Temp\Extract.exe
C:\Users\Shuya_000\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 07:48] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-20 07:03

==================== End Of Log ============================
         
--- --- ---

Alt 22.03.2014, 07:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\dlprotect.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Restart your computer afterwards.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend toward somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 24.03.2014, 07:15   #11
ShuyaX
 



Many thanks for everything.
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Shuya_000 at 2014-03-24 07:12:40 Run:1
Running from C:\Users\Shuya_000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\dlprotect.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
         
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\dlprotect.exe => Moved successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.

==== End of Fixlog ====
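
The Fixlog above can be checked mechanically against the fixlist it was run with. The following is an added example, not part of the original post and not FRST's own code: it confirms that every fixlist entry has a result line ending in "successfully." and that the paste is complete. The mapping from entry shapes (policy key, service, plain path) to result names is an assumption inferred only from the four lines in this Fixlog, and the function names are hypothetical.

```python
import re

# Fixlog text as posted in the thread above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Shuya_000 at 2014-03-24 07:12:40 Run:1
Running from C:\Users\Shuya_000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\dlprotect.exe
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group

*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\dlprotect.exe => Moved successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.

==== End of Fixlog ====
"""

STARS = re.compile(r"^\*{5,}$")
# Assumed shape of a service entry: "S3 esgiguard; \??\C:\...\esgiguard.sys [X]"
SERVICE = re.compile(r"^[A-Z]\d\s+([^;]+);")
# Assumed shape of a policy entry: "CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ..."
REGKEY = re.compile(r"^\w+\s+(HK[A-Z_]+\\[^:]+):")


def fixlist_target(entry):
    """Return the name the matching result line is expected to start with."""
    for pattern in (SERVICE, REGKEY):
        m = pattern.match(entry)
        if m:
            return m.group(1).strip()
    return entry  # plain file or folder path


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, result lines and a completeness flag."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if STARS.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist section not found")
    entries = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results, complete = {}, False
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True
            break
        target, sep, outcome = ln.partition(" => ")
        if sep:
            # Windows paths and key names are case-insensitive.
            results[target.lower()] = outcome
    return entries, results, complete


def unresolved(text):
    """List (entry, reason) for every fixlist entry without a successful result."""
    entries, results, complete = parse_fixlog(text)
    problems = []
    for entry in entries:
        outcome = results.get(fixlist_target(entry).lower())
        if outcome is None:
            problems.append((entry, "no result line"))
        elif not outcome.endswith("successfully."):
            problems.append((entry, outcome))
    if not complete:
        problems.append(("<log>", "end marker missing, paste may be truncated"))
    return problems


if __name__ == "__main__":
    for entry, reason in unresolved(SAMPLE_FIXLOG) or [("all entries", "successful")]:
        print(f"{entry}: {reason}")
```
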
         

Alt 24.03.2014, 16:59   #12
schrauber
/// the machine
/// TB-Ausbilder
 




You're welcome
__________________
Regards,
schrauber

