Windows 8: "Der Windows-Sicheheitsdienst konnte nicht gestartet werden."

derneuek · 06.04.2014, 23:10

hallo trojaner board

habe folgendes problem: ich kann meinen windows-sicherheitsdienst nicht aktivieren. ich habe die befürchtung, das sich schädlinge auf dem pc befinden. noch letzte woche hatte ich den "FEDPOL BundesKriminalPolizei" entfernt, war ziemlich hartnäckig. scheinbar ist der pc aber noch nicht ganz sauber. virenscanner (avast) und antimalwarebytes haben nichts ausfindig machen können. wie gehe ich nun vor? für eure hilfe bedanke mich schon jetzt!

grüsse

mort · 06.04.2014, 23:40

Hallo, derneuek und

Ich werde dir bei der Bereinigung des Computers helfen.

Arbeite meine Anleitungen nacheinander ab.
Poste deine Logs in Code-Tags: [code]Hier der inhalt des Logs[/code]
Bedenke, dass wir in unserer Freizeit tätig sind. Bekommst du von mir innerhalb von 2 Tagen keine Antwort, schreibe mir eine PM.

Hat ein Antivieren-Programm von dir bisher irgendwas gefunden?

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

derneuek · 07.04.2014, 00:05

danke für die rasche unterstützung!

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by *** (administrator) on *** on 07-04-2014 00:46:40
Running from C:\Users\***\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(APN LLC.) C:\Users\***\AppData\Local\VNT\vntldr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\werfault.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-05-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/12
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/12
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

Chrome: 
=======
CHR HomePage: hxxp://mystart.incredibar.com/mb133?a=6R8qJopCuK&i=26
CHR Extension: (TransOver) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2014-03-15]
CHR Extension: (Schalten Sie das Licht) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-03-15]
CHR Extension: (Tampermonkey) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-03-15]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-15]
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-15]
CHR Extension: (avast! Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-01] (AVAST Software)
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-01] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-31] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 00:46 - 2014-04-07 00:46 - 00015707 _____ () C:\Users\***\Downloads\FRST.txt
2014-04-07 00:46 - 2014-04-07 00:46 - 00000000 ____D () C:\FRST
2014-04-07 00:44 - 2014-04-07 00:44 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-04-07 00:01 - 2014-04-07 00:01 - 05195663 _____ (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00353101 _____ () C:\Users\***\Downloads\MicrosoftFixit20084.mini.diagcab
2014-04-03 19:53 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-04-03 19:53 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-04-03 18:22 - 2013-12-09 02:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-04-03 18:10 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-04-03 18:10 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-04-03 18:10 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-04-03 18:10 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-04-03 18:10 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-04-03 18:10 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-04-03 18:10 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-04-03 18:10 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-04-03 18:10 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-04-03 18:10 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-04-03 18:10 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-04-03 18:10 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-04-03 18:10 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-04-03 18:10 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-04-03 18:10 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-04-03 18:10 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-04-03 18:10 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-04-03 18:10 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-04-03 18:10 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-04-03 18:10 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-04-03 18:10 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-04-03 18:10 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-04-03 18:10 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-04-03 18:10 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-04-03 18:10 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-04-03 18:10 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-04-03 18:10 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-04-03 18:10 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-04-03 18:10 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-04-03 18:10 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-04-03 18:10 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-04-03 18:10 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-04-03 18:10 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-04-03 18:10 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-04-03 18:10 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-04-03 18:10 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-04-03 18:10 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-04-03 18:10 - 2013-11-27 17:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-04-03 18:10 - 2013-11-27 15:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-04-03 18:10 - 2013-11-27 10:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-04-03 18:10 - 2013-11-26 15:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-04-03 18:10 - 2013-11-23 05:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-04-03 18:09 - 2013-12-09 02:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-04-03 18:09 - 2013-12-09 02:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-04-03 18:09 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-04-03 18:09 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-04-03 18:09 - 2013-11-27 17:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-04-03 18:09 - 2013-11-27 16:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-04-03 18:09 - 2013-11-27 14:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-04-03 18:09 - 2013-11-27 12:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-04-03 18:09 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-04-03 18:09 - 2013-11-27 11:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-04-03 18:09 - 2013-11-27 11:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-04-03 18:09 - 2013-11-27 11:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-04-03 18:09 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-04-03 18:09 - 2013-11-26 15:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-04-03 18:09 - 2013-11-26 13:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-04-03 18:09 - 2013-11-25 03:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-04-03 18:09 - 2013-11-25 03:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-04-03 18:09 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-04-03 18:09 - 2013-11-25 01:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-04-03 18:09 - 2013-11-23 14:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-04-03 18:09 - 2013-11-23 09:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-04-03 18:09 - 2013-11-23 09:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-04-03 18:09 - 2013-11-23 09:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-04-03 18:09 - 2013-11-23 06:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-04-03 18:09 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-04-03 18:09 - 2013-11-21 08:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-04-03 18:09 - 2013-11-21 08:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-04-03 18:09 - 2013-11-15 16:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-04-03 18:09 - 2013-11-15 16:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-04-03 18:09 - 2013-11-15 16:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-04-03 18:09 - 2013-11-15 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-04-03 18:09 - 2013-10-31 02:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-04-03 18:09 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-04-03 18:09 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-04-03 18:09 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-04-03 17:53 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-03 17:53 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-03 17:53 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-03 17:53 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-04-03 17:53 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-04-03 17:53 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-04-03 17:53 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-03 17:53 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-03 17:53 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-04-03 17:53 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-03 17:53 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-04-03 17:53 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-04-03 17:53 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-03 17:53 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-04-03 17:53 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-04-03 17:53 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-04-03 17:53 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-04-03 17:53 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-03 17:53 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-04-03 17:53 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-04-03 17:53 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-04-03 17:53 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-04-03 17:53 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-04-03 17:53 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-04-03 17:53 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-04-03 17:53 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-04-03 17:53 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-03 17:53 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-04-03 17:53 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-04-03 17:53 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-04-03 17:53 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-04-03 17:53 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-04-03 17:53 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-04-03 17:53 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-04-03 17:53 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-04-03 17:53 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-03 17:53 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-04-03 17:53 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-04-03 17:53 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-04-03 17:53 - 2013-12-09 02:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-04-03 17:53 - 2013-12-09 01:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-04-03 17:52 - 2014-01-07 07:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-04-03 17:52 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-04-03 17:52 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-04-03 17:52 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-04-03 17:52 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-03 17:52 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-03 17:52 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-04-03 17:52 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-04-03 17:52 - 2013-11-21 08:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-04-03 17:52 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-04-03 17:52 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-04-03 17:52 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-04-03 17:52 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-04-03 17:49 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-04-03 17:49 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-04-03 17:49 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-04-03 17:49 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-04-03 17:49 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-04-03 17:49 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-04-03 17:49 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-03 17:49 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-04-03 17:49 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-04-03 17:49 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-04-03 17:49 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-04-03 17:49 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-04-03 17:49 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-04-03 17:49 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-04-03 17:49 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-04-03 17:49 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-04-03 17:49 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-04-03 17:49 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-04-03 17:49 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-04-03 17:49 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-03 17:49 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-04-03 17:49 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-04-03 17:49 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-04-03 17:49 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-04-03 17:49 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-04-03 17:49 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-04-03 17:49 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-04-03 17:49 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-04-03 17:49 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-04-03 17:49 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-04-03 17:49 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-04-03 17:49 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-04-03 17:49 - 2014-01-07 09:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-04-03 17:49 - 2014-01-07 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-04-03 17:49 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-04-03 17:49 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-04-03 17:49 - 2013-12-09 04:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-04-03 17:49 - 2013-12-09 03:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-04-03 17:48 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-04-03 17:48 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-04-03 17:48 - 2014-01-09 10:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-04-03 17:48 - 2014-01-09 09:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-04-03 17:48 - 2014-01-09 09:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-04-03 17:48 - 2014-01-09 09:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-04-03 17:48 - 2014-01-09 09:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-04-03 17:48 - 2014-01-09 09:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-04-03 17:48 - 2014-01-09 09:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-04-03 17:48 - 2014-01-09 09:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-04-03 17:48 - 2014-01-09 09:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-04-03 17:48 - 2014-01-09 09:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-04-03 17:46 - 2013-12-20 12:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-03 17:46 - 2013-12-20 08:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-03 17:46 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-04-03 17:46 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-04-03 17:45 - 2014-01-04 22:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-04-03 17:45 - 2014-01-04 21:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-04-03 17:45 - 2014-01-04 16:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-04-03 17:45 - 2014-01-04 16:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-04-03 17:45 - 2014-01-04 15:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-04-03 17:45 - 2014-01-04 15:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-04-03 17:45 - 2014-01-04 15:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-04-03 17:45 - 2014-01-04 15:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-04-03 17:45 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-04-03 17:45 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-04-02 20:06 - 2014-04-03 18:30 - 00001070 _____ () C:\WINDOWS\setupact.log
2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-02 12:44 - 2014-04-06 22:51 - 00008914 _____ () C:\WINDOWS\PFRO.log
2014-04-01 22:55 - 2014-04-01 22:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-30 19:58 - 2014-03-30 19:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\LolClient
2014-03-30 19:03 - 2014-03-30 19:03 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 ____D () C:\Riot Games
2014-03-30 19:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-03-30 19:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-03-30 19:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-03-30 19:01 - 2014-04-06 22:43 - 00000000 ____D () C:\Users\***\AppData\Local\PMB Files
2014-03-30 19:01 - 2014-04-06 22:43 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-30 19:01 - 2014-03-30 19:01 - 34888568 _____ (Riot Games) C:\Users\***\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-03-26 12:21 - 2014-03-26 12:21 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-26 12:21 - 2012-08-21 14:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\Program Files\iTunes
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-26 12:20 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-22 19:59 - 2014-03-22 19:59 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-03-22 19:53 - 2014-03-22 19:53 - 00046387 _____ () C:\WINDOWS\DirectX.log
2014-03-22 19:53 - 2005-05-26 16:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-03-22 19:53 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2014-03-22 19:53 - 2005-03-18 18:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-03-22 19:53 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2014-03-22 19:48 - 2014-03-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-03-22 19:16 - 2014-03-22 19:45 - 00000000 ____D () C:\WINDOWS\WindowsUpdate.log
2014-03-11 00:54 - 2014-03-11 00:54 - 44617980 _____ () C:\Users\***\Downloads\fourhour.zip

==================== One Month Modified Files and Folders =======

2014-04-07 00:46 - 2014-04-07 00:46 - 00015707 _____ () C:\Users\***\Downloads\FRST.txt
2014-04-07 00:46 - 2014-04-07 00:46 - 00000000 ____D () C:\FRST
2014-04-07 00:44 - 2014-04-07 00:44 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-04-07 00:02 - 2013-03-26 13:28 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 00:01 - 2014-04-07 00:01 - 05195663 _____ (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00353101 _____ () C:\Users\***\Downloads\MicrosoftFixit20084.mini.diagcab
2014-04-06 23:35 - 2014-03-15 00:58 - 01691765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-06 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-06 22:59 - 2013-04-27 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1013122999-180954713-1586507485-1007
2014-04-06 22:54 - 2013-06-17 19:46 - 00000000 ____D () C:\Users\***\Documents\Youcam
2014-04-06 22:53 - 2013-11-11 23:19 - 00000000 __RDO () C:\Users\***\SkyDrive
2014-04-06 22:53 - 2013-07-31 09:43 - 00000000 ___RD () C:\Users\***\Dropbox
2014-04-06 22:53 - 2013-07-31 09:38 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox
2014-04-06 22:53 - 2013-03-26 13:28 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 22:51 - 2014-04-02 12:44 - 00008914 _____ () C:\WINDOWS\PFRO.log
2014-04-06 22:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-06 22:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-06 22:43 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Local\PMB Files
2014-04-06 22:43 - 2014-03-30 19:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-06 21:37 - 2013-11-11 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-06 21:35 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-06 21:35 - 2013-03-28 09:37 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-06 19:10 - 2013-11-11 23:24 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B93E54A1-50BD-4D7B-9620-893AC0F32B8D}
2014-04-05 22:23 - 2013-08-12 20:46 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForPhong_2
2014-04-05 22:23 - 2013-08-12 20:46 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForPhong_2.job
2014-04-05 16:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-04 23:10 - 2013-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 23:10 - 2012-07-26 07:26 - 00000167 _____ () C:\WINDOWS\win.ini
2014-04-04 13:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-03 20:28 - 2013-08-22 16:44 - 00490680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-03 19:48 - 2013-04-27 20:51 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 19:48 - 2013-04-27 20:51 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-03 19:39 - 2013-11-20 16:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-03 19:39 - 2013-11-20 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-04-03 19:37 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-04-03 19:37 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-04-03 18:31 - 2013-05-06 22:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 18:31 - 2013-04-24 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 18:30 - 2014-04-02 20:06 - 00001070 _____ () C:\WINDOWS\setupact.log
2014-04-03 18:25 - 2012-12-28 20:05 - 00005639 _____ () C:\WINDOWS\system32\RaCoInst.log
2014-04-03 17:56 - 2013-12-17 00:56 - 00000000 ____D () C:\Users\***\Desktop\Krafttraining
2014-04-03 17:55 - 2014-03-05 14:28 - 00001433 _____ () C:\Users\***\Desktop\South Park - The Stick of Truth.lnk
2014-04-03 17:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-03 17:51 - 2013-07-23 17:29 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-03 17:48 - 2013-11-11 22:40 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-03 17:48 - 2013-09-30 05:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-03 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-03 17:41 - 2013-05-06 19:06 - 00000000 ____D () C:\Users\***\Desktop\Schule
2014-04-02 20:08 - 2014-02-07 01:33 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-02 12:44 - 2013-04-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 22:55 - 2014-04-01 22:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-01 22:55 - 2014-01-20 20:25 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-04-01 22:55 - 2013-10-22 17:43 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-04-01 22:55 - 2013-05-27 17:28 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-01 22:55 - 2013-05-27 17:28 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-01 01:01 - 2013-05-16 17:47 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-03-30 19:58 - 2014-03-30 19:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\LolClient
2014-03-30 19:03 - 2014-03-30 19:03 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 ____D () C:\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 34888568 _____ (Riot Games) C:\Users\***\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-03-28 16:57 - 2013-03-26 13:28 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 16:57 - 2013-03-26 13:28 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 12:22 - 2013-10-18 22:55 - 00000000 ____D () C:\Users\***\AppData\Local\Apple Computer
2014-03-26 12:22 - 2013-05-16 11:49 - 00000000 ____D () C:\Users\***\AppData\Roaming\Apple Computer
2014-03-26 12:21 - 2014-03-26 12:21 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-26 12:20 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-26 12:20 - 2013-05-29 20:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-23 21:42 - 2013-05-18 10:14 - 00320512 ___SH () C:\Users\***\Desktop\Thumbs.db
2014-03-22 19:59 - 2014-03-22 19:59 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-03-22 19:59 - 2013-04-27 22:01 - 00000000 ____D () C:\Users\***\Documents\My Games
2014-03-22 19:57 - 2012-11-03 21:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-22 19:53 - 2014-03-22 19:53 - 00046387 _____ () C:\WINDOWS\DirectX.log
2014-03-22 19:48 - 2014-03-22 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-03-20 23:14 - 2013-04-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 21:18 - 2013-06-29 15:20 - 00796672 ___SH () C:\Users\***\Downloads\Thumbs.db
2014-03-11 00:54 - 2014-03-11 00:54 - 44617980 _____ () C:\Users\***\Downloads\fourhour.zip
2014-03-08 02:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

Files to move or delete:
====================
C:\ProgramData\lci7lceb.fee


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\i4jdel0.exe
C:\Users\***\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-04-03 17:49] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-04 23:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by *** at 2014-04-07 00:47:50
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
AD_Install (x32 Version: 1.00.0000 - HP) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3202 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.3202 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GForce - Minimonsta (HKLM-x32\...\Minimonsta) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A2E95309-79F3-41E5-94C7-6D7FD6D7BBC3}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4500 G510a-f Series Corporate Edition 14.0 (HKLM\...\{B584612D-3743-495A-AB28-98C44C1E2648}) (Version: 14.0 - HP)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Max 6.1.2 (x64) (HKLM\...\{22068B63-CB71-4117-A603-2FD6C87A0331}) (Version: 136.1.2 - Cycling '74)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MyTomTom 3.2.0.1220 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1220 - TomTom)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sopcast Toolbar (HKLM-x32\...\{53504356-3700-A76A-76A7-A758B70C0A03}) (Version: 12.10.3.4641 - APN, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
TubeOhm Alpha-Ray (HKLM-x32\...\TUBEOHM Alpha-Ray-4free_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E653B40-10CD-4A8A-B82C-E850BD70310F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27E8CA88-D8AF-4970-89B1-221431C06B2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {289B5151-1069-45AC-914D-9DC1AF3B1C18} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FB3B5A9-9AD5-40E9-B0C5-26FD14CB18CE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C8C2968-3467-44A1-BBC7-D7BB51B3B225} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FE5A24A-8391-460E-B282-D8680CBFFB6E} - System32\Tasks\HPCeeScheduleForPhong_2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {772197C3-8601-4E35-8E2D-D85750E201C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8092AA62-D7D5-474B-A038-65F39DA85DEF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1013122999-180954713-1586507485-1007
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {928CCDAA-BDFD-4D39-8A58-56172E636A25} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {94C27C97-4982-4444-A7BD-BD5F4D5516A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A7B4ECDE-3BDB-4891-899B-67D8C65E6D97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26] (Google Inc.)
Task: {BFD1E0E0-0F7C-4D25-A45A-C3D5BFC52925} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {CD4489BF-41F5-4896-8BC0-8B62EDE68BDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E4611975-9E05-43A8-9022-65F4D6031FAD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-01] (AVAST Software)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EBB6D911-7360-4CC0-97AE-6EE2DBC81822} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPhong_2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-24 09:13 - 2012-09-24 09:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-06 11:06 - 2014-04-06 11:06 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00317880 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2013-11-15 20:46 - 2013-11-15 20:46 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-30 18:17 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2012-12-28 20:01 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-27 19:51 - 2014-03-20 23:14 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-04-27 19:51 - 2014-03-20 23:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-04-27 19:51 - 2014-03-20 23:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-15 23:58 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\***\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\***\AppData\Local\8tEKFkcdps:hOgwxUUuZssaOnT2rqNQpEaPP

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2014 11:35:35 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/06/2014 10:53:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPWMISVC.exe, Version: 3.0.1.0, Zeitstempel: 0x5049996b
Name des fehlerhaften Moduls: HPWMISVC.exe, Version: 3.0.1.0, Zeitstempel: 0x5049996b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000018ae
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xHPWMISVC.exe0
Pfad der fehlerhaften Anwendung: HPWMISVC.exe1
Pfad des fehlerhaften Moduls: HPWMISVC.exe2
Berichtskennung: HPWMISVC.exe3
Vollständiger Name des fehlerhaften Pakets: HPWMISVC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPWMISVC.exe5

Error: (04/06/2014 07:07:39 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1735

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1735

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 06:27:50 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01cf51b470fecfeb

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 648af239-bda8-11e3-beb7-38eaa7ef1836

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.4.0.1007_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 250484

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 250484

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/07/2014 00:48:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/07/2014 00:05:39 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/07/2014 00:00:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/07/2014 00:00:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 11:58:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 11:58:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 11:25:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 11:24:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 11:24:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.

Error: (04/06/2014 10:54:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig: Winmgmt. Dieser Dienst ist möglicherweise nicht installiert.


Microsoft Office Sessions:
=========================
Error: (04/06/2014 11:35:35 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/06/2014 10:53:10 PM) (Source: Application Error)(User: )
Description: HPWMISVC.exe3.0.1.05049996bHPWMISVC.exe3.0.1.05049996bc0000005000018ae74401cf51d9fef689a9C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe75d629e8-bdcd-11e3-beb8-38eaa7ef1836

Error: (04/06/2014 07:07:39 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1735

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1735

Error: (04/06/2014 06:32:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2014 06:27:50 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.16431126401cf51b470fecfeb4294967295C:\WINDOWS\syswow64\wwahost.exe648af239-bda8-11e3-beb7-38eaa7ef1836Microsoft.SkypeApp_2.4.0.1007_x86__kzf8qxf38zg5cApp

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 250484

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 250484

Error: (04/06/2014 04:41:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-11-15 19:52:13.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{60FA0638-114E-4D37-B52E-4ABF42D22AB6}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-11-15 19:47:20.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8CF6CA9-5676-439A-A780-07F7B4E9115B}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-11-15 19:47:18.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{1897646C-E23A-4E0D-B682-5BB82D4BB3BE}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Code:

ATTFilter

Farbar Service Scanner Version: 25-02-2014
Ran by *** (administrator) on 07-04-2014 at 01:08:53
Running from "C:\Users\***\Downloads"
Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-04-03 17:49] - [2014-01-29 10:47] - 2543960 ____A (Microsoft Corporation) ECC68BD5347BDE9631EE68274858A41F

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2014-04-03 17:52] - [2013-10-25 08:48] - 1571328 ____A (Microsoft Corporation) 8077537B1600AF493E7EE1A7A5C90799

C:\Program Files\Windows Defender\MsMpEng.exe
[2014-04-03 17:52] - [2013-10-31 02:29] - 0023824 ____A (Microsoft Corporation) 7CE5405B192AC912B9405F72386C7D4B

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

mort · 07.04.2014, 08:42

Du hast beim eigenen Handeln einen "winmgmt" gelöscht. Den müssen wir jetzt wieder herstellen.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\lci7lceb.fee
AlternateDataStreams: C:\Users\***\AppData\Local\8tEKFkcdps:hOgwxUUuZssaOnT2rqNQpEaPP

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Bitte lade dir Winmgmt.reg von Bleeping Computers runter und speichere sie auf dem Desktop. Starte diese Datei mit einem Doppelklick und bestätige folgendes Fenster mit Ja.

Wie läuft der Computer? Ist das Problem nun behoben?

derneuek · 07.04.2014, 09:50

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by *** at 2014-04-07 10:47:44 Run:1
Running from C:\Users\***\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\lci7lceb.fee
AlternateDataStreams: C:\Users\***\AppData\Local\8tEKFkcdps:hOgwxUUuZssaOnT2rqNQpEaPP
*****************

"C:\ProgramData\lci7lceb.fee" => File/Directory not found.
"C:\Users\***\AppData\Local\8tEKFkcdps" => ":hOgwxUUuZssaOnT2rqNQpEaPP" ADS not found.

==== End of Fixlog ====

habe diese datei heruntergeladen und ausgeführt. das problem bleibt aber weiterhin bestehen.

edit: nachden ich den pc neugestartet habe, scheint dieses problem behoben zu sein. danke vielmal!

ps: ist der computer nun vollständig clean?

mort · 07.04.2014, 12:10

Wir machen nur noch ein paar Kontrolscans.

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

derneuek · 07.04.2014, 19:49

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 07/04/2014 um 15:10:01
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : *** - ***
# Gestartet von : C:\Users\***\Desktop\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\iSafe
Ordner Gelöscht : C:\WINDOWS\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\***\AppData\Roaming\iSafe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [3519 octets] - [06/03/2014 01:14:03]
AdwCleaner[R1].txt - [1094 octets] - [07/04/2014 15:08:56]
AdwCleaner[S0].txt - [3544 octets] - [06/03/2014 01:15:07]
AdwCleaner[S1].txt - [1001 octets] - [07/04/2014 15:10:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1061 octets] ##########

Malwarebytes Anti-Malware

Code:

ATTFilter

www.malwarebytes.org

Suchlauf Datum: 07.04.2014
Suchlauf-Zeit: 16:23:54
Logdatei: malware.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.07.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335147
Verstrichene Zeit: 1 Std, 6 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2c9b529dcaf0bc49b257833ec33989df
# engine=17784
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-07 05:47:12
# local_time=2014-04-07 07:47:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777213 85 76 457349 507143 0 0
# compatibility_mode=5893 16776574 66 85 346147 14209129 0 0
# scanned=257092
# found=1
# cleaned=0
# scan_time=11236
sh=6A59627E461F417ABB8A7062587275958E0B6411 ft=1 fh=6e4c94e46a4bd284 vn="Win32/Adware.Lollipop.D application" ac=I fn="C:\Users\***\AppData\Local\Temp\Rar$EXa0.279\Project64_2.0.exe"

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by **** (administrator) on *** on 07-04-2014 20:51:02
Running from C:\Users\***\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(APN LLC.) C:\Users\***\AppData\Local\VNT\vntldr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.79\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-05-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-02-13] (APN LLC.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1013122999-180954713-1586507485-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/12
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/12
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/12
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {CFA3F676-E1CA-4D56-A58B-806E576D9243} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

Chrome: 
=======
CHR HomePage: hxxp://mystart.incredibar.com/mb133?a=6R8qJopCuK&i=26
CHR Extension: (TransOver) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2014-03-15]
CHR Extension: (Schalten Sie das Licht) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-03-15]
CHR Extension: (Tampermonkey) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-03-15]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-15]
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-15]
CHR Extension: (avast! Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-01] (AVAST Software)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-01] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-01] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-31] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 16:35 - 2014-04-07 16:35 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2014-04-07 16:35 - 2014-04-07 16:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 15:15 - 2014-04-07 20:32 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 15:15 - 2014-04-07 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-07 15:15 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-07 15:15 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-07 15:14 - 2014-04-07 15:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 15:08 - 2014-04-07 15:08 - 01426178 _____ () C:\Users\***\Downloads\adwcleaner (1).exe
2014-04-07 10:46 - 2014-04-07 10:46 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64 (1).exe
2014-04-07 01:08 - 2014-04-07 01:09 - 00003288 _____ () C:\Users\***\Downloads\FSS.txt
2014-04-07 01:08 - 2014-04-07 01:08 - 00409600 _____ (Farbar) C:\Users\***\Downloads\FSS.exe
2014-04-07 00:47 - 2014-04-07 00:48 - 00034022 _____ () C:\Users\***\Downloads\Addition.txt
2014-04-07 00:46 - 2014-04-07 20:51 - 00017568 _____ () C:\Users\***\Downloads\FRST.txt
2014-04-07 00:46 - 2014-04-07 20:51 - 00000000 ____D () C:\FRST
2014-04-07 00:44 - 2014-04-07 00:44 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-04-07 00:01 - 2014-04-07 00:01 - 05195663 _____ (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00353101 _____ () C:\Users\***\Downloads\MicrosoftFixit20084.mini.diagcab
2014-04-03 19:53 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-04-03 19:53 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-04-03 18:22 - 2013-12-09 02:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-04-03 18:10 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-04-03 18:10 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-04-03 18:10 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-04-03 18:10 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-04-03 18:10 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-04-03 18:10 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-04-03 18:10 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-04-03 18:10 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-04-03 18:10 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-04-03 18:10 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-04-03 18:10 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-04-03 18:10 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-04-03 18:10 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-04-03 18:10 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-04-03 18:10 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-04-03 18:10 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-04-03 18:10 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-04-03 18:10 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-04-03 18:10 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-04-03 18:10 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-04-03 18:10 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-04-03 18:10 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-04-03 18:10 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-04-03 18:10 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-04-03 18:10 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-04-03 18:10 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-04-03 18:10 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-04-03 18:10 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-04-03 18:10 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-04-03 18:10 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-04-03 18:10 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-04-03 18:10 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-04-03 18:10 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-04-03 18:10 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-04-03 18:10 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-04-03 18:10 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-04-03 18:10 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-04-03 18:10 - 2013-11-27 17:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-04-03 18:10 - 2013-11-27 15:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-04-03 18:10 - 2013-11-27 10:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-04-03 18:10 - 2013-11-26 15:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-04-03 18:10 - 2013-11-23 05:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-04-03 18:09 - 2013-12-09 02:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-04-03 18:09 - 2013-12-09 02:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-04-03 18:09 - 2013-12-09 02:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-04-03 18:09 - 2013-12-09 01:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-04-03 18:09 - 2013-11-27 17:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-04-03 18:09 - 2013-11-27 16:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-04-03 18:09 - 2013-11-27 14:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-04-03 18:09 - 2013-11-27 12:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-04-03 18:09 - 2013-11-27 11:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-04-03 18:09 - 2013-11-27 11:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-04-03 18:09 - 2013-11-27 11:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-04-03 18:09 - 2013-11-27 11:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-04-03 18:09 - 2013-11-27 10:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-04-03 18:09 - 2013-11-26 15:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-04-03 18:09 - 2013-11-26 13:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-04-03 18:09 - 2013-11-25 03:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-04-03 18:09 - 2013-11-25 03:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-04-03 18:09 - 2013-11-25 01:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-04-03 18:09 - 2013-11-25 01:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-04-03 18:09 - 2013-11-23 14:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-04-03 18:09 - 2013-11-23 09:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-04-03 18:09 - 2013-11-23 09:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-04-03 18:09 - 2013-11-23 09:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-04-03 18:09 - 2013-11-23 06:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-04-03 18:09 - 2013-11-23 05:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-04-03 18:09 - 2013-11-21 08:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-04-03 18:09 - 2013-11-21 08:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-04-03 18:09 - 2013-11-15 16:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-04-03 18:09 - 2013-11-15 16:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-04-03 18:09 - 2013-11-15 16:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-04-03 18:09 - 2013-11-15 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-04-03 18:09 - 2013-10-31 02:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-04-03 18:09 - 2013-10-31 01:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-04-03 18:09 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-04-03 18:09 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-04-03 17:53 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-03 17:53 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-03 17:53 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-03 17:53 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-04-03 17:53 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-04-03 17:53 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-04-03 17:53 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-03 17:53 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-03 17:53 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-04-03 17:53 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-03 17:53 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-04-03 17:53 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-04-03 17:53 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-03 17:53 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-04-03 17:53 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-04-03 17:53 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-04-03 17:53 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-04-03 17:53 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-03 17:53 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-04-03 17:53 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-04-03 17:53 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-04-03 17:53 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-04-03 17:53 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-04-03 17:53 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-04-03 17:53 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-04-03 17:53 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-04-03 17:53 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-03 17:53 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-04-03 17:53 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-04-03 17:53 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-04-03 17:53 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-04-03 17:53 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-04-03 17:53 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-04-03 17:53 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-04-03 17:53 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-04-03 17:53 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-03 17:53 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-04-03 17:53 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-04-03 17:53 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-04-03 17:53 - 2013-12-09 02:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-04-03 17:53 - 2013-12-09 01:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-04-03 17:52 - 2014-01-07 07:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-04-03 17:52 - 2014-01-07 06:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-04-03 17:52 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-04-03 17:52 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-04-03 17:52 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-03 17:52 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-03 17:52 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-04-03 17:52 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-04-03 17:52 - 2013-11-21 08:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-04-03 17:52 - 2013-11-21 07:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-04-03 17:52 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-04-03 17:52 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-04-03 17:52 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-04-03 17:49 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-04-03 17:49 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-04-03 17:49 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-04-03 17:49 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-04-03 17:49 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-04-03 17:49 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-04-03 17:49 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-03 17:49 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-04-03 17:49 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-04-03 17:49 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-04-03 17:49 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-04-03 17:49 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-04-03 17:49 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-04-03 17:49 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-04-03 17:49 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-04-03 17:49 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-04-03 17:49 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-04-03 17:49 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-04-03 17:49 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-04-03 17:49 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-03 17:49 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-04-03 17:49 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-04-03 17:49 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-04-03 17:49 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-04-03 17:49 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-04-03 17:49 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-04-03 17:49 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-04-03 17:49 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-04-03 17:49 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-04-03 17:49 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-04-03 17:49 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-04-03 17:49 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-04-03 17:49 - 2014-01-07 09:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-04-03 17:49 - 2014-01-07 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-04-03 17:49 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-04-03 17:49 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-04-03 17:49 - 2013-12-09 04:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-04-03 17:49 - 2013-12-09 03:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-04-03 17:48 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-04-03 17:48 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-04-03 17:48 - 2014-01-09 10:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-04-03 17:48 - 2014-01-09 09:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-04-03 17:48 - 2014-01-09 09:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-04-03 17:48 - 2014-01-09 09:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-04-03 17:48 - 2014-01-09 09:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-04-03 17:48 - 2014-01-09 09:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-04-03 17:48 - 2014-01-09 09:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-04-03 17:48 - 2014-01-09 09:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-04-03 17:48 - 2014-01-09 09:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-04-03 17:48 - 2014-01-09 09:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-04-03 17:46 - 2013-12-20 12:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-03 17:46 - 2013-12-20 08:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-03 17:46 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-04-03 17:46 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-04-03 17:45 - 2014-01-04 22:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-04-03 17:45 - 2014-01-04 21:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-04-03 17:45 - 2014-01-04 16:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-04-03 17:45 - 2014-01-04 16:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-04-03 17:45 - 2014-01-04 15:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-04-03 17:45 - 2014-01-04 15:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-04-03 17:45 - 2014-01-04 15:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-04-03 17:45 - 2014-01-04 15:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-04-03 17:45 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-04-03 17:45 - 2013-12-21 04:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-04-02 20:06 - 2014-04-03 18:30 - 00001070 _____ () C:\WINDOWS\setupact.log
2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-02 12:44 - 2014-04-06 22:51 - 00008914 _____ () C:\WINDOWS\PFRO.log
2014-04-01 22:55 - 2014-04-01 22:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-30 19:58 - 2014-03-30 19:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\LolClient
2014-03-30 19:03 - 2014-03-30 19:03 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 ____D () C:\Riot Games
2014-03-30 19:03 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-03-30 19:03 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-03-30 19:03 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-03-30 19:01 - 2014-04-07 20:51 - 00000000 ____D () C:\Users\***\AppData\Local\PMB Files
2014-03-30 19:01 - 2014-04-07 19:35 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-30 19:01 - 2014-03-30 19:01 - 34888568 _____ (Riot Games) C:\Users\***\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-03-26 12:21 - 2014-03-26 12:21 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-26 12:21 - 2012-08-21 14:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\Program Files\iTunes
2014-03-26 12:20 - 2014-03-26 12:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-26 12:20 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-22 19:59 - 2014-03-22 19:59 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-03-22 19:53 - 2014-03-22 19:53 - 00046387 _____ () C:\WINDOWS\DirectX.log
2014-03-22 19:53 - 2005-05-26 16:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-03-22 19:53 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2014-03-22 19:53 - 2005-03-18 18:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-03-22 19:53 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2014-03-15 00:58 - 2014-04-07 20:49 - 02096052 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-11 00:54 - 2014-03-11 00:54 - 44617980 _____ () C:\Users\***\Downloads\fourhour.zip

==================== One Month Modified Files and Folders =======

2014-04-07 20:51 - 2014-04-07 00:46 - 00017568 _____ () C:\Users\***\Downloads\FRST.txt
2014-04-07 20:51 - 2014-04-07 00:46 - 00000000 ____D () C:\FRST
2014-04-07 20:51 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Local\PMB Files
2014-04-07 20:49 - 2014-03-15 00:58 - 02096052 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 20:32 - 2014-04-07 15:15 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-07 20:02 - 2013-03-26 13:28 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 19:35 - 2014-03-30 19:01 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-07 19:18 - 2013-09-30 06:14 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-07 19:18 - 2013-09-30 05:56 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-07 19:18 - 2013-09-30 05:56 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-07 16:55 - 2013-11-11 23:24 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B93E54A1-50BD-4D7B-9620-893AC0F32B8D}
2014-04-07 16:35 - 2014-04-07 16:35 - 02347384 _____ (ESET) C:\Users\***\Downloads\esetsmartinstaller_enu.exe
2014-04-07 16:35 - 2014-04-07 16:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 16:24 - 2013-04-27 20:59 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1013122999-180954713-1586507485-1007
2014-04-07 16:02 - 2013-03-26 13:28 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 15:16 - 2014-04-07 15:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-07 15:16 - 2014-03-05 23:51 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-07 15:15 - 2014-03-05 23:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Malwarebytes
2014-04-07 15:15 - 2014-03-05 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 15:15 - 2014-03-05 23:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-07 15:14 - 2014-04-07 15:14 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 15:13 - 2013-06-17 19:46 - 00000000 ____D () C:\Users\***\Documents\Youcam
2014-04-07 15:12 - 2013-11-11 23:19 - 00000000 __RDO () C:\Users\***\SkyDrive
2014-04-07 15:12 - 2013-07-31 09:43 - 00000000 ___RD () C:\Users\***\Dropbox
2014-04-07 15:12 - 2013-07-31 09:38 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox
2014-04-07 15:11 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 15:10 - 2014-03-06 01:13 - 00000000 ____D () C:\AdwCleaner
2014-04-07 15:10 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-07 15:08 - 2014-04-07 15:08 - 01426178 _____ () C:\Users\***\Downloads\adwcleaner (1).exe
2014-04-07 10:46 - 2014-04-07 10:46 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64 (1).exe
2014-04-07 01:09 - 2014-04-07 01:08 - 00003288 _____ () C:\Users\***\Downloads\FSS.txt
2014-04-07 01:08 - 2014-04-07 01:08 - 00409600 _____ (Farbar) C:\Users\***\Downloads\FSS.exe
2014-04-07 00:48 - 2014-04-07 00:47 - 00034022 _____ () C:\Users\***\Downloads\Addition.txt
2014-04-07 00:44 - 2014-04-07 00:44 - 02157056 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2014-04-07 00:01 - 2014-04-07 00:01 - 05195663 _____ (Swearware) C:\Users\***\Downloads\ComboFix.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00353101 _____ () C:\Users\***\Downloads\MicrosoftFixit20084.mini.diagcab
2014-04-06 22:51 - 2014-04-02 12:44 - 00008914 _____ () C:\WINDOWS\PFRO.log
2014-04-06 21:37 - 2013-11-11 22:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-06 21:35 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-06 21:35 - 2013-03-28 09:37 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-05 22:23 - 2013-08-12 20:46 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor***
2014-04-05 22:23 - 2013-08-12 20:46 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor***.job
2014-04-05 16:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-04 23:10 - 2013-07-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-04 23:10 - 2012-07-26 07:26 - 00000167 _____ () C:\WINDOWS\win.ini
2014-04-04 13:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-03 20:28 - 2013-08-22 16:44 - 00490680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-03 19:48 - 2013-04-27 20:51 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 19:48 - 2013-04-27 20:51 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-03 19:39 - 2013-11-20 16:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-03 19:39 - 2013-11-20 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-03 19:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-04-03 19:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-04-03 19:37 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-04-03 19:37 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-04-03 18:31 - 2013-05-06 22:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-03 18:31 - 2013-04-24 14:50 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 18:30 - 2014-04-02 20:06 - 00001070 _____ () C:\WINDOWS\setupact.log
2014-04-03 18:25 - 2012-12-28 20:05 - 00005639 _____ () C:\WINDOWS\system32\RaCoInst.log
2014-04-03 17:56 - 2013-12-17 00:56 - 00000000 ____D () C:\Users\***\Desktop\Krafttraining
2014-04-03 17:55 - 2014-03-05 14:28 - 00001433 _____ () C:\Users\***\Desktop\South Park - The Stick of Truth.lnk
2014-04-03 17:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-03 17:51 - 2013-07-23 17:29 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-03 17:48 - 2013-11-11 22:40 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-03 17:48 - 2013-09-30 05:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-03 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-03 17:41 - 2013-05-06 19:06 - 00000000 ____D () C:\Users\***\Desktop\Schule
2014-04-03 09:51 - 2014-04-07 15:15 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 15:15 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-05 23:51 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 20:08 - 2014-02-07 01:33 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-02 12:44 - 2013-04-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 22:55 - 2014-04-01 22:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-01 22:55 - 2014-01-20 20:25 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-04-01 22:55 - 2013-10-22 17:43 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-04-01 22:55 - 2013-05-27 17:28 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-01 22:55 - 2013-05-27 17:28 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-01 22:55 - 2013-05-27 17:28 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-01 01:01 - 2013-05-16 17:47 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-03-30 19:58 - 2014-03-30 19:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\LolClient
2014-03-30 19:03 - 2014-03-30 19:03 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-03-30 19:03 - 2014-03-30 19:03 - 00000000 ____D () C:\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 34888568 _____ (Riot Games) C:\Users\***\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\Riot Games
2014-03-30 19:01 - 2014-03-30 19:01 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-03-28 16:57 - 2013-03-26 13:28 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 16:57 - 2013-03-26 13:28 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 12:22 - 2013-10-18 22:55 - 00000000 ____D () C:\Users\***\AppData\Local\Apple Computer
2014-03-26 12:22 - 2013-05-16 11:49 - 00000000 ____D () C:\Users\***\AppData\Roaming\Apple Computer
2014-03-26 12:21 - 2014-03-26 12:21 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-03-26 12:21 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-26 12:20 - 2014-03-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-03-26 12:20 - 2013-05-29 20:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-23 21:42 - 2013-05-18 10:14 - 00320512 ___SH () C:\Users\***\Desktop\Thumbs.db
2014-03-22 19:59 - 2014-03-22 19:59 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-03-22 19:59 - 2013-04-27 22:01 - 00000000 ____D () C:\Users\***\Documents\My Games
2014-03-22 19:57 - 2012-11-03 21:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-22 19:53 - 2014-03-22 19:53 - 00046387 _____ () C:\WINDOWS\DirectX.log
2014-03-22 19:45 - 2014-03-22 19:16 - 00000000 ____D () C:\Users\***\Downloads\AGE OF EMPIRES III + SERIAL
2014-03-20 23:14 - 2013-04-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 21:19 - 2013-07-25 17:22 - 00000000 ____D () C:\Users\***\Downloads\Microsoft.office 2010
2014-03-19 21:18 - 2013-06-29 15:20 - 00796672 ___SH () C:\Users\***\Downloads\Thumbs.db
2014-03-11 00:54 - 2014-03-11 00:54 - 44617980 _____ () C:\Users\***\Downloads\fourhour.zip
2014-03-08 02:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\i4jdel0.exe
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-04-03 17:49] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-07 16:24

==================== End Of Log ============================

--- --- ---

mort · 08.04.2014, 08:53

Wenn es keine Probleme mehr gibt, dann wären wir fertig.

Updates

Klicke nun auf den Windowsbutton in der Taskleiste und dort auf "Systemsteuerung". Wenn du dort bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java-Versionen.

Falls du Java brauchst kannst du es wieder herunter laden:

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 51) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.

Wenn du zufrieden bist, kannst du mir hier gerne danken.

Ich sehe in deinen Logs nichts gefährliches mehr.

Cleanup

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Tipps

Welches Antiviren-Programm soll ich nehmen?

Es gibt kein Antiviren-Programm, dass alle Schädlinge findet. Du kannst dich nicht 100%-ig auf das Programm verlassen, es hängt immer noch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.

Klicke nicht auf alles blinkende oder das dich auffordert etwas herunterzuladen.
Lasse die Finger weg von illegalen Programmen. Sie sind der Hauptgrund für infizierte Computer.
Öffne Email-Anhänge nur von bekannten Absendern.
Halte Java, Adobe Flash Player und andere Programme immer aktuell.

Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte außerdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.

Als gutes und kostenloses Antivieren Programm empfehle ich dir avast! free antivirus.
Alternativ kannst du auch Microsoft Security Essentials nutzen.
Wenn es auch etwas kosten darf, empfehle ich dir Emsisoft Anti-Malware.

Du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im Gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.

Malwarebytes Anti-Malware
ESET Online Scanner
Falls ESET Bedrohungen findet, erstelle hier einen neuen Thread und Poste uns das Log von ESET.

Was sollte ich vor dem Runterladen beachten?

Lade dir Programme direkt vom Hersteller runter. Bei Programmen aus einer anderen Quelle wie Softonic und anderen Seiten die dir einen Downloader anbieten, werden unerwünschte Toolbars und anderer Müll mit installiert. Führe außerdem immer eine benutzerdefinierte Installation durch und entferne die Haken optionalen Programmen.
Lass die Finger von Registry-Cleanern. Sie versprechen dir eine große Beschleunigung deines Systems obwohl das entfernen von verwaisten Registry-Schlüsseln nur wenig Perfomancegewinng bringt, wenn überhaupt etwas. Falls das Programm aber mal etwas wichtiges löscht, kannst du damit die Registry zerstören. Zerstörst du die Registry, zerstörst du Windows!

Sonstige Tipps

Halte dein System und die Programme darauf immer aktuell. Alte Software enthält Sicherheitslücken, die dein System angreifbar machen.
Nutze mehrere Passwörter. Falls jemand das Passwort eines Accounts von dir herausfindet hätte er Zugriff auf alle anderen Accounts.
Öffne keine Emails von dir unbekannten Absendern. Diese Emails sind meistens Spammails die dich unter anderem auch dazu bringen wollen bestimmt Seiten zu besuchen oder Dateien bzw. Anhänge herunterzuladen.
Achte auf die Dateiendung. In den Anhängen von Spammails wird gerne der Trick genutzt, ausführbare Dateien als harmlose Datei darzustellen, in dem sie eine Datei z.B. Rechnung.pdf.exe nennen. (Dateiendungen anzeigen lassen)
Deaktiviere die Autorun Funktion. Damit kann Malware sich automatisch von einem USB-Stick starten, wenn man einen infizierten USB-Stick einsteckt hat. (Autorun deaktivieren)

Wenn du das Trojaner-Board unterstützten willst, kannst du gerne Spenden.
Ich wünsche dir noch eine schöne Zeit.

Windows 8: "Der Windows-Sicheheitsdienst konnte nicht gestartet werden."

Plagegeister aller Art und deren Bekämpfung: Windows 8: "Der Windows-Sicheheitsdienst konnte nicht gestartet werden."