PUP.Optional.OpenCandy found (Windows 7)
05.02.2014, 09:21 | #1 |
| PUP.Optional.OpenCandy found Hello, Malwarebytes found PUP.Optional.OpenCandy (category Folder, File). What is the best way to proceed? Malwarebytes suggests, for example, "remove selected". The log file is attached. I use avast as my antivirus program, but it did not detect anything. Best regards and many thanks in advance! Oliver |
05.02.2014, 09:29 | #2 |
/// the machine /// TB trainer | PUP.Optional.OpenCandy found Hi,
Please always post logs in the thread itself. If necessary, split them up and use several posts. Here is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
06.02.2014, 09:03 | #3 |
| PUP.Optional.OpenCandy found FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014 Ran by oh (administrator) on XMV on 05-02-2014 09:35:15 Running from C:\Users\oh\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe ( ) C:\Windows\System32\lxeccoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Connectify) C:\Program Files\Connectify\Connectifyd.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Alcor Micro Corp.) 
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Connectify) C:\Program Files\Connectify\DispatchUI.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Connectify) C:\Program Files\Connectify\Connectify.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVM Berlin) C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.) HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2012-11-18] (Alcor Micro Corp.) 
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [lxecmon.exe] - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] () HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] () HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis) HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation) HKLM\...\Run: [Lexmark Pro800-Pro900 Series Fax Server] - C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe [316072 2009-10-01] () HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify) HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-01-16] (SlySoft, Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-01-16] (AVM Berlin) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_43_Plugin.exe [840072 2014-01-30] (Adobe Systems Incorporated) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018caeb7-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb196-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb2b6-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {1f449296-4069-11e2-976d-60eb698d14b8} - Autoplay.exe -auto HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {276fa41a-6be1-11e2-96fb-001e101f299e} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {2a73de53-84c7-11e2-a0fe-001e101f9e5e} - F:\setup.exe HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6d6c-63d4-11e2-a3fd-18f46a77934b} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6e32-63d4-11e2-a3fd-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {8cc37f36-31b5-11e2-aeac-edee0ccccdeb} - "G:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {9e68451a-77c3-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {ca20d0c5-dda1-11e2-9c31-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence 
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC35F2E11422CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.24.dll No File Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.250.40 Tcpip\..\Interfaces\{22DF3645-8170-4D31-9946-DD1134FA13FC}: [NameServer]139.7.30.125,139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\oh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Firefox OS Simulator - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\r2d2b2g@mozilla.org [2013-07-14] FF Extension: FireShot - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-29] FF Extension: ColorZilla - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-11-18] FF Extension: Page Speed - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013-12-02] FF Extension: Firebug - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-18] FF Extension: HttpFox - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-02-18] FF Extension: MeasureIt - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-18] FF Extension: Web Developer - 
C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-11-18] FF Extension: DownThemAll! - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-29] Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Wallet) - C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3729400 2012-11-20] (Acronis) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [701824 2010-12-03] (Acer Incorporated) S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.) 
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics) R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis) R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) ==================== Drivers (Whitelisted) ==================== S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2012-11-18] (Alcor Micro, Corp.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2013-10-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software) R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-01-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-27] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-02] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-12-13] (AVM Berlin) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2013-09-27] (Connectify) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2012-11-18] 
(EgisTec) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [203264 2013-01-30] (Huawei Technologies Co., Ltd.) S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-05] (Malwarebytes Corporation) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2012-11-20] (Acronis) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2012-11-20] (Acronis) S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2013-01-05] (Scott) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2012-11-20] (Acronis) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2012-11-20] (Acronis) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-05 09:35 - 2014-02-05 09:35 - 00022047 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-05 09:33 - 2014-02-05 09:35 - 00000000 ____D () C:\FRST 2014-02-05 09:32 - 2014-02-05 09:32 - 01137152 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-05 08:52 - 2014-02-05 08:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-05 08:06 - 2014-02-05 08:08 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe 2014-02-04 17:51 - 2014-02-04 17:55 - 00000000 ____D () C:\Users\oh\Desktop\MNT_STAGE_REGIO 2014-02-04 17:51 - 
2014-02-04 17:51 - 02034308 ____N () C:\Users\oh\Desktop\MNT_STAGE_REGIO.zip 2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe 2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps 2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps 2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps 2014-01-28 16:44 - 2014-01-28 16:47 - 00000000 ____D () C:\Users\oh\Desktop\VBG 2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe 2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation 2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\Program Files\iTunes 2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod 2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-01-21 08:15 - 2014-01-21 08:32 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv 2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd 2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-01-20 08:14 - 2014-01-20 08:17 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\Users\oh\Documents\Freemake 2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\ProgramData\Freemake 2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () 
C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-01-20 08:08 - 2014-01-20 08:09 - 00000000 ____D () C:\Program Files\Freemake 2014-01-20 08:08 - 2014-01-20 08:08 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy 2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe 2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a 2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk 2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol 2014-01-19 20:58 - 2014-01-19 21:00 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi 2014-01-15 13:56 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 13:56 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 13:56 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 21:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-01-14 21:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-14 21:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-14 21:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-14 21:55 - 2014-01-14 21:56 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2014-01-08 18:57 - 2013-01-30 11:26 - 00203264 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00096000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00027520 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-01-08 18:56 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_jubusenum.sys 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone 2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner 2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe 2014-01-08 07:51 - 2014-02-05 08:41 - 00110040 _____ () C:\ProgramData\lxec.log 2014-01-06 19:25 - 2014-01-06 19:25 - 10582632 _____ () C:\Users\oh\Downloads\SetupAnyDVD7400.exe 2014-01-06 19:25 - 2014-01-06 19:25 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(4).exe ==================== One Month Modified Files and Folders ======= 2014-02-05 09:35 - 2014-02-05 09:35 - 00022047 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-05 09:35 - 2014-02-05 09:33 - 00000000 ____D () C:\FRST 2014-02-05 09:33 - 2012-11-18 20:23 - 01561583 _____ () C:\Windows\WindowsUpdate.log 2014-02-05 09:32 - 2014-02-05 09:32 - 01137152 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-05 09:15 - 2013-09-04 10:38 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox 2014-02-05 08:52 - 2014-02-05 08:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-05 08:50 - 2012-11-18 21:30 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-05 08:41 - 2014-01-08 07:51 - 00110040 _____ () C:\ProgramData\lxec.log 2014-02-05 08:41 - 2009-07-14 05:39 - 00395396 _____ () C:\Windows\setupact.log 2014-02-05 08:08 - 2014-02-05 08:06 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe 2014-02-04 17:55 - 2014-02-04 17:51 - 00000000 ____D () C:\Users\oh\Desktop\MNT_STAGE_REGIO 2014-02-04 17:51 - 2014-02-04 
17:51 - 02034308 ____N () C:\Users\oh\Desktop\MNT_STAGE_REGIO.zip 2014-02-04 10:17 - 2012-11-20 11:53 - 00029758 _____ () C:\ProgramData\lxecscan.log 2014-02-04 10:17 - 2012-11-18 21:30 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-04 10:11 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-04 10:11 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-04 10:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-03 11:17 - 2013-12-20 17:06 - 00000000 ____D () C:\Users\oh\AppData\Local\CrashDumps 2014-02-03 10:27 - 2012-11-18 20:31 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe 2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps 2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps 2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps 2014-01-30 13:49 - 2013-10-11 13:37 - 00000495 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-01-30 09:33 - 2012-11-18 22:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-01-30 09:33 - 2012-11-18 22:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-01-28 16:47 - 2014-01-28 16:44 - 00000000 ____D () C:\Users\oh\Desktop\VBG 2014-01-27 17:56 - 2012-11-23 13:32 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FileZilla 2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe 2014-01-27 11:24 - 2012-11-22 11:07 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple 
Computer 2014-01-27 11:22 - 2013-10-22 09:09 - 00002113 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-01-27 11:22 - 2013-08-29 13:34 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-01-27 11:20 - 2014-01-02 22:36 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-27 11:20 - 2013-08-29 13:34 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-01-27 11:20 - 2013-08-29 13:33 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-27 11:20 - 2013-08-29 13:33 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-27 11:20 - 2013-08-29 13:32 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-01-27 11:20 - 2013-08-29 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-27 11:20 - 2012-11-18 20:46 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation 2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iTunes 2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod 2014-01-24 10:25 - 2012-11-21 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-01-24 10:16 - 2012-11-21 21:16 - 00000000 ____D () C:\ProgramData\Apple 2014-01-22 17:02 - 2012-12-04 10:21 - 00000000 ____D () C:\Users\oh\AppData\Local\Axure 2014-01-21 08:32 - 2014-01-21 08:15 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv 2014-01-20 10:27 - 2012-11-18 21:07 - 00209464 _____ () C:\Windows\PFRO.log 2014-01-20 10:24 - 2014-01-20 10:24 - 
31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd 2014-01-20 08:17 - 2014-01-20 08:14 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\Documents\Freemake 2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\ProgramData\Freemake 2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-01-20 08:09 - 2014-01-20 08:08 - 00000000 ____D () C:\Program Files\Freemake 2014-01-20 08:08 - 2014-01-20 08:08 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy 2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe 2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a 2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk 2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol 2014-01-19 21:00 - 2014-01-19 20:58 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi 2014-01-18 23:18 - 2012-11-20 12:04 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Skype 2014-01-18 20:34 - 2012-11-20 12:03 - 00000000 ____D () C:\ProgramData\Skype 2014-01-18 20:33 - 2013-03-29 19:51 - 00000000 ___RD () C:\Program Files\Skype 2014-01-16 17:36 - 2013-12-18 11:25 - 00001003 _____ () C:\Users\oh\Desktop\Dropbox.lnk 2014-01-16 17:36 - 2013-12-18 11:21 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 17:16 - 2013-12-13 20:33 - 00004727 _____ () C:\Windows\avmacc.log 2014-01-16 
17:15 - 2012-11-18 21:24 - 00000000 ____D () C:\Users\oh\AppData\Local\Deployment 2014-01-16 17:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-01-16 17:00 - 2009-07-14 05:33 - 02572872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 16:41 - 2012-11-18 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-16 16:41 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-01-16 16:32 - 2013-08-16 07:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 16:29 - 2012-11-21 13:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 21:56 - 2014-01-14 21:55 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-14 21:56 - 2013-10-24 11:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-14 21:56 - 2012-11-18 22:07 - 00000000 ____D () C:\Program Files\Java 2014-01-10 09:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2014-01-08 18:58 - 2013-01-21 16:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone 2014-01-08 18:58 - 2012-11-18 21:10 - 00117960 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-08 18:57 - 2013-01-21 16:12 - 00000000 ____D () C:\ProgramData\Vodafone 2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone 2014-01-08 18:55 - 2012-11-20 11:44 - 00000000 ____D () 
C:\Program Files\Common Files\InstallShield 2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner 2014-01-08 10:51 - 2013-09-27 15:24 - 00000000 ____D () C:\Program Files\Connectify 2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2014-01-08 10:50 - 2013-09-27 15:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk 2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe 2014-01-07 10:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-07 09:41 - 2013-02-03 12:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\XnView 2014-01-06 19:25 - 2014-01-06 19:25 - 10582632 _____ () C:\Users\oh\Downloads\SetupAnyDVD7400.exe 2014-01-06 19:25 - 2014-01-06 19:25 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(4).exe Some content of TEMP: ==================== C:\Users\oh\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe C:\Users\oh\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\ose00000.exe C:\Users\oh\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\oh\AppData\Local\Temp\proxy_vole914123878496386481.dll C:\Users\oh\AppData\Local\Temp\SkypeSetup.exe C:\Users\oh\AppData\Local\Temp\SpOrder.dll C:\Users\oh\AppData\Local\Temp\ydetect.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit 
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-29 16:03 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014 Ran by oh at 2014-02-05 09:36:17 Running from C:\Users\oh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== 7-Zip 9.20 (Version: - ) Acer Crystal Eye webcam (Version: 1.0.3.0 - Liteon) Acer PowerSmart Manager (Version: 5.02.3006 - Acer Incorporated) Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (Version: 1 
- Adobe Systems Incorporated) Hidden Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated) Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated) Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden 
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden Alcor Micro USB Card Reader (Version: 1.7.17.06011 - Alcor Micro Corp.) Alcor Micro USB Card Reader (Version: 1.7.17.06011 - Alcor Micro Corp.) Hidden AnyDVD (Version: 7.4.1.0 - SlySoft) Apple Application Support (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) ARIS EXPRESS (Version: 2.4 - Software AG) Ashampoo Burning Studio 2012 CBE v.11.0.4 (Version: 11.0.4 - Ashampoo GmbH & Co. KG) avast! Internet Security (Version: 9.0.2013 - Avast Software) Axure RP Pro 6.5 (Version: 6.5.0.3047 - Axure Software Solutions, Inc.) Axure RP Pro 6.5 (Version: 6.5.0.3047 - Axure Software Solutions, Inc.) Hidden Axure RP Pro 7.0 Beta (Version: 7.0.0.3126 - Axure Software Solutions, Inc.) Axure RP Pro 7.0 Beta (Version: 7.0.0.3126 - Axure Software Solutions, Inc.) Hidden BitNami WordPress-Modul (Version: 3.6-0 - BitNami) Bonjour (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation) Brother HL-5270DN (Version: 1.00 - Brother) CDBurnerXP (Version: 4.4.2.3442 - CDBurnerXP) Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) 
CloneDVD2 (Version: 2.9.3.0 - Elaborate Bytes) CloneDVDmobile (Version: 1.9.0.1 - SlySoft) Conexant HD Audio (Version: 4.121.0.50 - Conexant) Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Connectify (Version: 7.2.1.29658 - Connectify) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) FaxRedist (Version: 1.0.0 - ) FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse) Freemake Audio Converter Version 1.1.0 (Version: 1.1.0 - Ellora Assets Corporation) FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.2.0 - AVM Berlin) GanttProject (Version: - ) GMX ProfiFax (Version: 2.00.222 - GMX GmbH) Google Chrome (Version: 32.0.1700.107 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline) iCloud (Version: 3.1.0.40 - Apple Inc.) iTunes (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden Lexmark Pro800-Pro900 Series (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MyFonts Order M4010014 (Version: 1.0 - MyFonts.com, Inc.) NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) OpenProj (Version: 1.4.0 - Serena Software Inc.) PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 5.7.0 (Version: - PDF24.org) Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden ProjectLibre (Version: 1.5.13.0 - ProjectLibre) PSPad editor (Version: - Jan Fiala) QuickTime (Version: 7.74.80.86 - Apple Inc.) Safari (Version: 5.34.57.2 - Apple Inc.) Samsung SCX-4200 Series (Version: - Samsung Electronics CO.,LTD) Samsung Universal Print Driver (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH) Skype™ 6.9 (Version: 6.9.106 - Skype Technologies S.A.) 
Snagit 11 (Version: 11.2.1 - TechSmith Corporation) Sparkol VideoScribe (Version: 1.3.26 - Sparkol) Sparkol VideoScribe (Version: 1.3.26 - Sparkol) Hidden Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden TeamViewer 8 (Version: 8.0.16642 - TeamViewer) True Image 2013 (Version: 16.0.5551 - Acronis) Hidden Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft) VirtualCloneDrive (Version: - Elaborate Bytes) VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN) Vodafone Mobile Broadband (Version: 
10.3.401.43721 - Vodafone) Wondershare PDF Converter Pro (Build 4.0.1) (Version: 4.0.1 - Wondershare Software) XAMPP (Version: 1.8.2-1 - BitNami) XING Outlook Connector (Version: 2.1.0 - XING) XMind (Version: 3.3.0 - XMind Ltd.) XMind 2012 (v3.3.1) (Version: 3.3.1.201212250029 - XMind Ltd.) XnView 1.99.6 (Version: 1.99.6 - Gougelet Pierre-e) Yahoo! Detect (Version: - ) ==================== Restore Points ========================= 31-01-2014 08:42:25 Windows Update 04-02-2014 07:59:00 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:04 - 2012-12-07 14:29 - 00001758 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {1CB7A8C5-FDC5-4805-8AA0-41651B4EB0BE} - System32\Tasks\xingoscupdate => C:\Program Files\XING\XING Outlook Connector\xingoscupdate.exe [2013-07-01] (XING) Task: {31C92E68-D275-433D-874C-10C4F8C4E50B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {90B1856F-F4CA-4A83-B663-6CE77F5B99CA} - System32\Tasks\Xing Social Recommendations => C:\Program Files\XING\XING Outlook Connector\XingSocial.exe [2013-07-01] (XING AG) Task: {CD3586D1-B684-4D8A-86F4-919758B0E2A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-27] (AVAST Software) Task: {EE6875CB-8805-4EF6-9576-CEF87AA480EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.) Task: {EE8FEDBA-C68D-43FF-9E77-6EE29C977BB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2012-08-23 01:12 - 2012-08-23 01:12 - 00019840 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll 2012-11-26 16:00 - 2009-11-16 20:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll 2012-11-20 11:51 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll 2012-11-20 11:52 - 2009-05-27 07:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxecdatr.dll 2012-11-20 11:51 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll 2012-11-20 11:51 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll 2012-11-20 11:50 - 2009-02-20 03:48 - 00299008 _____ () C:\Windows\system32\lxecsm.dll 2012-11-20 11:50 - 2009-04-28 02:56 - 00024064 _____ () C:\Windows\system32\lxecsmr.dll 2012-11-20 11:51 - 2010-04-05 05:56 - 00716954 _____ () C:\Program 
Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL 2012-11-20 11:51 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll 2012-11-20 11:51 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL 2012-11-20 11:51 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL 2012-11-20 11:51 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL 2012-11-20 11:51 - 2009-06-23 06:09 - 02203648 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll 2012-11-20 11:51 - 2009-06-23 06:10 - 00045056 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll 2012-11-20 11:51 - 2009-06-23 06:11 - 00102400 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll 2012-11-20 11:51 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll 2012-11-20 11:51 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll 2012-08-23 03:35 - 2012-08-23 03:35 - 13873200 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 03:31 - 2012-08-23 03:31 - 01590656 _____ () C:\Program Files\Common Files\Acronis\Home\icudt38.dll 2012-07-24 14:48 - 2012-07-24 14:48 - 00012160 _____ () C:\Program Files\Common Files\Acronis\TibMounter\icudt38.dll 2014-01-08 10:49 - 2013-12-23 19:59 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll 2013-10-22 09:09 - 2013-10-22 09:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 00:51 - 
2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\oh\AppData\Roaming\Dropbox\bin\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2013-12-20 10:23 - 2013-12-20 10:23 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB Device(VID_1f3a_PID_efe8) Description: USB Device(VID_1f3a_PID_efe8) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: USB Devices Service: usbUDisc Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Apple Mobile Device Ethernet Description: Apple Mobile Device Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Apple Service: Netaapl Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45401595 Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45401595 Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45400347 Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45400347 Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45399224 Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45399224 Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:31 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45397913 System errors: ============= Error: (02/04/2014 06:36:32 PM) (Source: ipnathlp) (User: ) Description: 192.168.185.1192.168.173.0255.255.255.0 Error: (02/04/2014 10:03:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/04/2014 10:03:36 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem 
Dienst lxecCATSCustConnectService erreicht. Error: (02/04/2014 10:03:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/04/2014 08:05:51 AM) (Source: ipnathlp) (User: ) Description: 192.168.185.1192.168.173.0255.255.255.0 Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht. Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/03/2014 10:24:14 AM) (Source: ipnathlp) (User: ) Description: 192.168.185.1192.168.173.0255.255.255.0 Error: (02/03/2014 10:24:04 AM) (Source: BTHUSB) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Microsoft Office Sessions: ========================= Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45401595 Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45401595 Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45400347 Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45400347 Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45399224 Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 45399224 Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2014 07:38:31 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 45397913 ==================== Memory info =========================== Percentage of memory in use: 77% Total physical RAM: 2356.4 MB Available physical RAM: 519.04 MB Total Pagefile: 4711.09 MB Available Pagefile: 2070.98 MB Total Virtual: 2047.88 MB Available Virtual: 1883.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:10.92 GB) NTFS Drive d: () (Fixed) (Total:187.33 GB) (Free:24.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 
(MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS) ==================== End Of Log ============================
I wanted to ask whether I should run the "Fix" action with "Farbar" or wait for your feedback first. Thank you very much and best regards, Oliver |
07.02.2014, 07:58 | #4 |
/// the machine /// TB trainer | PUP.Optional.OpenCandy found Nothing gets fixed unless I say so. Have MBAM delete its findings. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.02.2014, 12:43 | #5 |
| PUP.Optional.OpenCandy found Hello Schrauber, here are the log files. I didn't do anything other than what you said ;-) Best regards, Oliver Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by oh on 07.02.2014 at 11:23:03,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\oh\AppData\Roaming\mozilla\firefox\profiles\buoobwx4.default\minidumps [82 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2014 at 11:31:07,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.05.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
oh :: XMV [Administrator]
Schutz: Aktiviert
05.02.2014 08:53:17
MBAM-log-2014-02-05 (09-19-34).txt
Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 168188
Laufzeit: 5 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\A41F32C5886B4FD5A89B964F56DDB085 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
Infizierte Dateien: 1
C:\Users\oh\AppData\Roaming\OpenCandy\A41F32C5886B4FD5A89B964F56DDB085\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
(Ende)
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014 Ran by oh (administrator) on XMV on 07-02-2014 12:41:14 Running from C:\Users\oh\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe ( ) C:\Windows\System32\lxeccoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Connectify) C:\Program Files\Connectify\Connectifyd.exe (Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Alcor Micro Corp.) 
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Connectify) C:\Program Files\Connectify\DispatchUI.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Connectify) C:\Program Files\Connectify\Connectify.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVM Berlin) C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Prog-Soft s.r.o.) C:\Program Files\PSPad editor\PSPad.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.) HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2012-11-18] (Alcor Micro Corp.) 
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [lxecmon.exe] - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] () HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] () HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis) HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation) HKLM\...\Run: [Lexmark Pro800-Pro900 Series Fax Server] - C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe [316072 2009-10-01] () HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify) HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-01-23] (SlySoft, Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AdobeBridge] - [X] HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-01-16] (AVM Berlin) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018caeb7-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb196-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb2b6-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {1f449296-4069-11e2-976d-60eb698d14b8} - Autoplay.exe -auto HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {276fa41a-6be1-11e2-96fb-001e101f299e} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {2a73de53-84c7-11e2-a0fe-001e101f9e5e} - F:\setup.exe HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6d6c-63d4-11e2-a3fd-18f46a77934b} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6e32-63d4-11e2-a3fd-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {8cc37f36-31b5-11e2-aeac-edee0ccccdeb} - "G:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {9e68451a-77c3-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {ca20d0c5-dda1-11e2-9c31-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-2801114736-939692857-340290277-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? 
Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC35F2E11422CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.24.dll No File Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.250.40 Tcpip\..\Interfaces\{22DF3645-8170-4D31-9946-DD1134FA13FC}: [NameServer]139.7.30.125,139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\oh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Firefox OS Simulator - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\r2d2b2g@mozilla.org [2014-02-07] FF Extension: FireShot - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-29] FF Extension: ColorZilla - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-11-18] FF Extension: Page Speed - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013-12-02] FF Extension: Automatic window resizer - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\autoresize@addiks.de.xpi [2014-02-05] FF Extension: Firebug - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-18] FF Extension: HttpFox - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-02-18] FF Extension: MeasureIt - 
C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-18] FF Extension: Web Developer - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-11-18] FF Extension: DownThemAll! - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-29] Chrome: ======= CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Wallet) - C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3729400 2012-11-20] (Acronis) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [701824 2010-12-03] (Acer Incorporated) S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.) 
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics) R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis) R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) ==================== Drivers (Whitelisted) ==================== S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2012-11-18] (Alcor Micro, Corp.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2013-10-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software) R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-01-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-27] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-02] () R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-12-13] (AVM Berlin) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2013-09-27] (Connectify) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2012-11-18] 
(EgisTec) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [203264 2013-01-30] (Huawei Technologies Co., Ltd.) S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2012-11-20] (Acronis) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2012-11-20] (Acronis) S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2013-01-05] (Scott) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2012-11-20] (Acronis) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2012-11-20] (Acronis) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-07 12:40 - 2014-02-07 12:40 - 00000000 ____D () C:\Users\oh\Downloads\FRST-OlderVersion 2014-02-07 11:31 - 2014-02-07 11:31 - 00000747 _____ () C:\Users\oh\Desktop\JRT.txt 2014-02-07 11:22 - 2014-02-07 11:22 - 00000000 ____D () C:\Windows\ERUNT 2014-02-07 11:10 - 2014-02-07 11:10 - 01037530 _____ (Thisisu) C:\Users\oh\Desktop\JRT.exe 2014-02-07 10:45 - 2014-02-07 10:45 - 00000355 _____ () C:\Users\oh\Desktop\todlebo-businessplan.txt 2014-02-07 10:44 - 2014-02-07 11:11 - 00000000 ____D () C:\AdwCleaner 2014-02-07 10:43 - 2014-02-07 10:43 - 01166132 _____ () C:\Users\oh\Desktop\adwcleaner.exe 2014-02-06 11:00 - 2014-02-06 11:00 - 10630080 _____ () 
C:\Users\oh\Downloads\SetupAnyDVD7420(2).exe 2014-02-05 09:36 - 2014-02-05 09:37 - 00025973 _____ () C:\Users\oh\Downloads\Addition.txt 2014-02-05 09:35 - 2014-02-07 12:41 - 00022025 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-05 09:33 - 2014-02-07 12:41 - 00000000 ____D () C:\FRST 2014-02-05 09:32 - 2014-02-07 12:40 - 01136640 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-05 08:06 - 2014-02-05 08:08 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe 2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe 2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps 2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps 2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps 2014-01-28 16:44 - 2014-01-28 16:47 - 00000000 ____D () C:\Users\oh\Desktop\VBG 2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe 2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation 2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\Program Files\iTunes 2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod 2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-01-21 08:15 - 2014-01-21 08:32 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv 2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd 2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-01-20 08:14 - 
2014-01-20 08:17 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\Users\oh\Documents\Freemake 2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\ProgramData\Freemake 2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-01-20 08:08 - 2014-01-20 08:09 - 00000000 ____D () C:\Program Files\Freemake 2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe 2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a 2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk 2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol 2014-01-19 20:58 - 2014-01-19 21:00 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi 2014-01-15 13:56 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 13:56 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 
13:56 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 13:56 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 21:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-14 21:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-14 21:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-14 21:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-14 21:55 - 2014-01-14 21:56 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2014-01-08 18:57 - 2013-01-30 11:26 - 00203264 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00096000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00027520 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2014-01-08 18:57 - 2013-01-30 11:26 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-01-08 18:56 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_jubusenum.sys 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone 2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner 2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe 2014-01-08 07:51 - 2014-02-05 08:41 - 00110040 _____ () C:\ProgramData\lxec.log ==================== One Month Modified Files and Folders ======= 2014-02-07 12:41 - 2014-02-05 09:35 - 00022025 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-07 12:41 - 2014-02-05 09:33 - 00000000 ____D () C:\FRST 2014-02-07 12:40 - 2014-02-07 12:40 - 00000000 ____D () C:\Users\oh\Downloads\FRST-OlderVersion 2014-02-07 12:40 - 2014-02-05 09:32 - 01136640 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-07 11:56 - 2012-11-18 20:23 - 01711261 _____ () C:\Windows\WindowsUpdate.log 2014-02-07 11:50 - 2012-11-18 21:30 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-07 11:40 - 2013-09-04 10:38 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox 2014-02-07 11:32 - 2012-11-18 20:31 - 01648454 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-07 11:31 - 2014-02-07 11:31 - 00000747 _____ () C:\Users\oh\Desktop\JRT.txt 2014-02-07 11:22 - 2014-02-07 11:22 - 00000000 ____D () C:\Windows\ERUNT 2014-02-07 11:21 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-07 11:21 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-07 11:15 - 2012-11-20 11:53 - 00029868 _____ () 
C:\ProgramData\lxecscan.log 2014-02-07 11:15 - 2012-11-18 21:30 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-07 11:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-07 11:13 - 2009-07-14 05:39 - 00397916 _____ () C:\Windows\setupact.log 2014-02-07 11:11 - 2014-02-07 10:44 - 00000000 ____D () C:\AdwCleaner 2014-02-07 11:10 - 2014-02-07 11:10 - 01037530 _____ (Thisisu) C:\Users\oh\Desktop\JRT.exe 2014-02-07 10:45 - 2014-02-07 10:45 - 00000355 _____ () C:\Users\oh\Desktop\todlebo-businessplan.txt 2014-02-07 10:43 - 2014-02-07 10:43 - 01166132 _____ () C:\Users\oh\Desktop\adwcleaner.exe 2014-02-06 11:00 - 2014-02-06 11:00 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(2).exe 2014-02-05 09:37 - 2014-02-05 09:36 - 00025973 _____ () C:\Users\oh\Downloads\Addition.txt 2014-02-05 08:41 - 2014-01-08 07:51 - 00110040 _____ () C:\ProgramData\lxec.log 2014-02-05 08:08 - 2014-02-05 08:06 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe 2014-02-03 11:17 - 2013-12-20 17:06 - 00000000 ____D () C:\Users\oh\AppData\Local\CrashDumps 2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe 2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps 2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps 2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps 2014-01-30 13:49 - 2013-10-11 13:37 - 00000495 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-01-30 09:33 - 2012-11-18 22:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-01-30 09:33 - 2012-11-18 22:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-01-28 16:47 - 2014-01-28 16:44 - 00000000 ____D () C:\Users\oh\Desktop\VBG 2014-01-27 17:56 - 2012-11-23 13:32 - 00000000 
____D () C:\Users\oh\AppData\Roaming\FileZilla 2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe 2014-01-27 11:24 - 2012-11-22 11:07 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer 2014-01-27 11:22 - 2013-10-22 09:09 - 00002113 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-01-27 11:22 - 2013-08-29 13:34 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-01-27 11:20 - 2014-01-02 22:36 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-27 11:20 - 2013-08-29 13:34 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-01-27 11:20 - 2013-08-29 13:33 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-27 11:20 - 2013-08-29 13:33 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-27 11:20 - 2013-08-29 13:32 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-01-27 11:20 - 2013-08-29 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-27 11:20 - 2012-11-18 20:46 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation 2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iTunes 2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod 2014-01-24 10:25 - 2012-11-21 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-01-24 10:16 - 2012-11-21 21:16 - 00000000 ____D () C:\ProgramData\Apple 2014-01-22 17:02 - 
2012-12-04 10:21 - 00000000 ____D () C:\Users\oh\AppData\Local\Axure 2014-01-21 08:32 - 2014-01-21 08:15 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv 2014-01-20 10:27 - 2012-11-18 21:07 - 00209464 _____ () C:\Windows\PFRO.log 2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd 2014-01-20 08:17 - 2014-01-20 08:14 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\Documents\Freemake 2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\ProgramData\Freemake 2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk 2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-01-20 08:09 - 2014-01-20 08:08 - 00000000 ____D () C:\Program Files\Freemake 2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe 2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a 2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk 2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol 2014-01-19 21:00 - 2014-01-19 20:58 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi 2014-01-18 23:18 - 2012-11-20 12:04 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Skype 2014-01-18 20:34 - 2012-11-20 12:03 - 00000000 ____D () C:\ProgramData\Skype 2014-01-18 20:33 - 2013-03-29 19:51 - 00000000 ___RD () C:\Program Files\Skype 2014-01-16 17:36 - 2013-12-18 11:25 - 00001003 _____ () C:\Users\oh\Desktop\Dropbox.lnk 2014-01-16 17:36 - 2013-12-18 11:21 - 
00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 17:16 - 2013-12-13 20:33 - 00004727 _____ () C:\Windows\avmacc.log 2014-01-16 17:15 - 2012-11-18 21:24 - 00000000 ____D () C:\Users\oh\AppData\Local\Deployment 2014-01-16 17:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-01-16 17:00 - 2009-07-14 05:33 - 02572872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-16 16:41 - 2012-11-18 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-16 16:41 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-01-16 16:32 - 2013-08-16 07:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 16:29 - 2012-11-21 13:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 21:56 - 2014-01-14 21:55 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-14 21:56 - 2013-10-24 11:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-14 21:56 - 2012-11-18 22:07 - 00000000 ____D () C:\Program Files\Java 2014-01-10 09:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2014-01-08 18:58 - 2013-01-21 16:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone 2014-01-08 18:58 - 2012-11-18 21:10 - 00117960 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-08 18:57 - 2013-01-21 16:12 - 00000000 ____D () C:\ProgramData\Vodafone 2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-01-08 18:55 - 2014-01-08 18:55 - 
00000000 ____D () C:\ProgramData\Macrovision 2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone 2014-01-08 18:55 - 2012-11-20 11:44 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner 2014-01-08 10:51 - 2013-09-27 15:24 - 00000000 ____D () C:\Program Files\Connectify 2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2014-01-08 10:50 - 2013-09-27 15:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk 2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe Some content of TEMP: ==================== C:\Users\oh\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe C:\Users\oh\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\oh\AppData\Local\Temp\ose00000.exe C:\Users\oh\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\oh\AppData\Local\Temp\proxy_vole914123878496386481.dll C:\Users\oh\AppData\Local\Temp\Quarantine.exe C:\Users\oh\AppData\Local\Temp\SkypeSetup.exe C:\Users\oh\AppData\Local\Temp\SpOrder.dll C:\Users\oh\AppData\Local\Temp\ydetect.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-29 16:03 ==================== End Of Log ============================ 
--- --- --- |
08.02.2014, 11:20 | #6 |
/// the machine /// TB instructor | PUP.Optional.OpenCandy found ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ --> PUP.Optional.OpenCandy found |
11.02.2014, 12:39 | #7 |
| PUP.Optional.OpenCandy found Here is the log from ESET. After 8 hours the scan was finally finished, which is why I am only replying now. Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1b5ef3e3c756b940a72b72df5cf17b2d # engine=17006 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-11 06:50:10 # local_time=2014-02-11 07:50:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=772 16777213 83 82 1286129 10328949 0 0 # compatibility_mode=5893 16776573 100 94 331761 143732601 0 0 # scanned=671103 # found=5 # cleaned=0 # scan_time=81710 sh=0F927FD51398B383A3062A6C674AC1900416015F ft=1 fh=704fb21e31548381 vn="multiple threats" ac=I fn="I:\DESKTOP\Dokumente\_Desktop Ablage\Ablage\Software\Audio\setupwavtomp3.exe" sh=0F927FD51398B383A3062A6C674AC1900416015F ft=1 fh=704fb21e31548381 vn="multiple threats" ac=I fn="I:\Software\Audio\setupwavtomp3.exe" sh=2CFBF8FB41D546C03315F44DA247C3258F51E710 ft=1 fh=eda055c0cb1a7ceb vn="multiple threats" ac=I fn="I:\Software\Office\MS Access\software\internet\BEARINST.EXE" sh=C45CF2276623F7209D70E110F324B631CB8FE45C ft=1 fh=bb2b5eb820d64118 vn="Win32/Adware.Aureate application" ac=I fn="I:\Software\Office\MS Access\software\mm\WMP3Loc.exe" sh=82BD70B9B0A697863E9F861F8A4E6B972D24E7DC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="I:\Software\Themes - Wordpress etc\magasin-dos.zip"
I downloaded Security Check and started it. The following error message appeared: Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
I restarted my computer, or rather tried to, but it no longer starts properly/completely. Safe mode, too, shows me only a black screen after booting. I can get into Task Manager, but beyond that there is nothing I can do. What can I do? Reinstall Windows 7 over the existing installation? |
11.02.2014, 19:17 | #8 |
/// the machine /// TB instructor | PUP.Optional.OpenCandy found Since when exactly has this been the case? Press F8 while booting and choose not Safe Mode, but Repair Your Computer > Startup Repair.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.02.2014, 12:34 | #9 |
| PUP.Optional.OpenCandy found Since uninstalling ESET and then trying to restart the computer. Repair was the first thing I had tried, but also without result. Maybe it would make the whole thing easier if I wipe the computer. However, I would like to back up the data to an external hard drive first, if possible. I can get into DOS, but I am not really proficient with the commands there - I vaguely remember something about xCopy.
I have now gone into the DOS environment. As far as I can tell, I can see all files and also open individual files. If, for example, I open a text file and try to open Explorer via the menu File > Open, that does not work. That was also the case after I had finished the ESET scan. I could no longer open the file manager then either. Something else I notice while booting: shortly before the login screen appears, the screen is black at first as usual, then briefly shows the login, goes black again, and then shows the login. I don't think I can say more for now. I hope you can help me...
13.02.2014 New day, new luck. I did have to format partition C after all and reinstall Windows 7 Ultimate, because I urgently needed my notebook. This is how I proceeded:
1. I copied my important folders and files from partition C to D using xcopy /kr/e/i/s/c/h.
2. I formatted partition C and reinstalled Windows 7. --> The computer is running again and can access partition D, only the folders moved with xcopy are not displayed. Under DOS, however, they are there and individual files can be opened. I do not know yet what the cause is.
3. Unfortunately, the computer's fan is blowing constantly.
Here are the new logs from the scans, as you advised me at the beginning: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01 Ran by oh (administrator) on XMP on 13-02-2014 12:26:39 Running from C:\Users\oh\Downloads Microsoft Windows 7 Ultimate (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Flexera Software LLC.) 
C:\ProgramData\FLEXnet\Connect\11\agent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2011-01-05] (Acer Incorporated) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-12] (AVAST Software) HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone) Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Tcpip\Parameters: [DhcpNameServer] 192.168.250.40 FireFox: ======== FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\ep2r4gcc.default FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-12] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-12] (AVAST Software) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-12] (AVAST Software) R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [734592 2011-01-05] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-02-12] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-12] (AVAST Software) R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-12] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-12] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-12] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-12] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-12] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-12] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [204800 2010-04-07] (Huawei Technologies Co., Ltd.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [101504 2010-03-20] (Huawei Technologies Co., Ltd.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-13 12:26 - 2014-02-13 12:27 - 00007505 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-13 12:26 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST 2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-02-13 07:48 - 2014-02-13 07:53 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 07:48 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help 2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone 2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe 2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster 2014-02-12 23:54 - 2014-02-13 09:22 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox 2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe 2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-02-12 23:54 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_jubusenum.sys 2014-02-12 23:53 - 2014-02-13 07:44 - 00000000 ____D () C:\ProgramData\Vodafone 2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker 2014-02-12 23:50 - 2013-12-18 06:13 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-12 23:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-02-12 23:46 - 2014-02-12 23:46 - 
00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-02-12 23:44 - 2014-02-12 23:44 - 00002125 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software 2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-02-12 23:42 - 
2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-12 23:41 - 2014-02-13 07:54 - 00085768 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-12 23:41 - 2012-02-15 06:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2014-02-12 23:41 - 2012-02-15 05:22 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-02-12 23:41 - 2012-02-15 05:22 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2014-02-12 23:41 - 2010-01-09 07:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll 2014-02-12 23:37 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-02-12 23:37 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-02-12 23:37 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-02-12 23:37 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-02-12 23:37 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-02-12 23:37 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-02-12 23:37 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-02-12 23:37 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-02-12 23:37 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT 2014-02-12 23:35 - 2012-11-18 21:40 - 00001096 ____N () C:\Windows\system32\Drivers\SamSfPa.dat 2014-02-12 23:35 - 2009-12-16 10:26 - 00168648 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\EED32A.dll 2014-02-12 23:35 - 2009-12-16 10:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEL32A.dll 2014-02-12 23:35 - 2009-12-16 10:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEG32A.dll 2014-02-12 23:31 - 2014-02-13 09:12 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS 2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom 2014-02-12 23:29 - 2014-02-13 08:59 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel 2014-02-12 23:28 - 2014-02-13 08:59 - 00012768 _____ () C:\Windows\DPINST.LOG 2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco 2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-02-12 23:02 - 2014-02-13 09:01 - 00006226 _____ () C:\Windows\PFRO.log 2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-12 23:00 - 2010-06-10 14:15 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe 2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM 2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer 2014-02-12 22:59 - 2010-04-07 10:05 - 00204800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys 2014-02-12 22:59 - 2010-03-25 03:08 - 00105984 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2014-02-12 22:59 - 2010-03-20 05:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2014-02-12 22:59 - 2010-03-20 04:56 - 00101504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys 2014-02-12 22:59 - 2010-03-17 07:33 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2014-02-12 22:59 - 2010-01-18 11:48 - 00027136 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2014-02-12 22:58 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver 2014-02-12 22:57 - 2014-02-13 09:19 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-12 22:57 - 2014-02-13 08:59 - 00000000 ____D () C:\Program Files\Intel 2014-02-12 22:56 - 2014-02-12 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield 2014-02-12 22:54 - 2014-02-12 23:53 - 00000000 ____D () C:\Users\oh 2014-02-12 22:54 - 2014-02-12 23:33 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore 2014-02-12 22:54 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery 2014-02-12 22:54 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-12 22:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-12 22:50 - 2014-02-13 11:38 - 01120871 _____ () C:\Windows\WindowsUpdate.log 2014-02-12 22:47 - 2014-02-12 22:49 - 00001313 _____ () C:\Windows\TSSysprep.log 2014-02-12 22:44 - 2014-02-12 22:54 - 00000000 
____D () C:\Windows\Panther 2014-02-12 22:09 - 2012-11-18 21:56 - 00325672 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60x.sys 2014-02-12 22:08 - 2012-11-18 21:40 - 01737272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32HP25.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00520760 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT32.sys 2014-02-12 22:08 - 2012-11-18 21:40 - 00428088 _____ (Conexant Systems, Inc.) C:\Windows\system32\CDolbyExt32.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00308128 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00301624 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32A55.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00076344 _____ (Conexant Systems, Inc.) C:\Windows\system32\FMPropPageExt.dll ==================== One Month Modified Files and Folders ======= 2014-02-13 12:27 - 2014-02-13 12:26 - 00007505 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-13 12:26 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST 2014-02-13 11:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-02-13 11:38 - 2014-02-12 22:50 - 01120871 _____ () C:\Windows\WindowsUpdate.log 2014-02-13 11:16 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-13 11:16 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-13 09:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-13 09:22 - 2014-02-12 23:54 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox 2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet 2014-02-13 09:19 - 2014-02-12 22:57 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-13 09:14 - 2009-07-14 05:53 
- 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-13 09:14 - 2009-07-14 05:39 - 00022369 _____ () C:\Windows\setupact.log 2014-02-13 09:12 - 2014-02-12 23:31 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\th-TH 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sk-SK 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () 
C:\Windows\system32\hr-HR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\he-IL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\et-EE 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-02-13 09:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-13 09:01 - 2014-02-12 23:02 - 00006226 _____ () C:\Windows\PFRO.log 2014-02-13 09:01 - 2009-07-14 05:33 - 00341520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-13 08:59 - 2014-02-12 23:29 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel 2014-02-13 08:59 - 2014-02-12 23:28 - 00012768 _____ () C:\Windows\DPINST.LOG 2014-02-13 08:59 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files\Intel 2014-02-13 07:54 - 2014-02-12 23:41 - 00085768 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-13 07:53 - 2014-02-13 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-02-13 07:51 - 2014-02-13 07:48 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-02-13 07:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-02-13 07:49 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew 
2014-02-13 07:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-02-13 07:49 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help 2014-02-13 07:44 - 2014-02-12 23:53 - 00000000 ____D () C:\ProgramData\Vodafone 2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone 2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe 2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster 2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe 2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2014-02-12 23:53 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () 
C:\ProgramData\eDocPrintPro 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker 2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-02-12 23:46 - 2014-02-12 23:46 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-02-12 23:44 - 2014-02-12 23:44 - 00002125 _____ () C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software 2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT 2014-02-12 23:33 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore 2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS 2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 
00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom 2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco 2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-12 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help 2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM 2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer 2014-02-12 22:59 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver 2014-02-12 22:59 - 2014-02-12 22:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield 2014-02-12 22:56 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore 2014-02-12 22:54 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery 2014-02-12 22:54 - 2014-02-12 22:44 - 00000000 ____D () C:\Windows\Panther 2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-02-12 22:49 - 2014-02-12 22:47 - 00001313 _____ () C:\Windows\TSSysprep.log 2014-02-12 22:47 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\CSC 2014-02-12 22:47 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log 2014-02-12 22:44 - 2009-07-14 
05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-02-12 22:44 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template Some content of TEMP: ==================== C:\Users\oh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy6xebz.dll C:\Users\oh\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-13 11:43 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01 Ran by oh at 2014-02-13 12:27:16 Running from C:\Users\oh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== Acer ePower Management (Version: 5.00.3009 - Acer Incorporated) avast! Internet Security (Version: 9.0.2013 - Avast Software) Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation) Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Conexant HD Audio (Version: 4.121.0.50 - Conexant) Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.) HUAWEI DataCard Driver 4.05.02.00 (Version: 4.05.02.00 - Huawei technologies Co., Ltd.) 
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Mozilla Firefox 22.0 (x86 de) (Version: 22.0 - Mozilla) Mozilla Maintenance Service (Version: 22.0 - Mozilla) NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH) Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6 - Intel) Vodafone Mobile Broadband (Version: 10.3.401.43721 - Vodafone) ==================== Restore Points ========================= 12-02-2014 21:56:49 Installiert 
Überwachungstool für die Intel® Turbo-Boost-Technik 12-02-2014 21:57:14 Installed Intel(R) Turbo Boost Technology Monitor. 12-02-2014 21:59:44 Installiert Acer ePower Management 12-02-2014 22:28:01 Installed Intel(R) PROSet/Wireless WiFi Software. 12-02-2014 22:37:03 Windows Update 12-02-2014 22:41:02 Windows Update 12-02-2014 22:42:03 avast! antivirus system restore point 12-02-2014 22:43:53 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst 12-02-2014 22:49:46 Installed sipgate Faxdrucker 12-02-2014 22:52:34 Installed Vodafone Mobile Broadband. 13-02-2014 06:47:58 Installed Microsoft Office Professional 2010 13-02-2014 07:57:47 Removed Intel(R) PROSet/Wireless WiFi-Software. ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {A8F4DCF0-2159-43B5-8C60-A64185AA63BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-12] (AVAST Software) ==================== Loaded Modules (whitelisted) ============= 2014-02-12 23:43 - 2014-02-12 23:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll 2014-02-13 09:15 - 2014-02-13 09:15 - 00041984 _____ () c:\users\oh\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy6xebz.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\oh\AppData\Roaming\Dropbox\bin\libcef.dll 2014-02-12 23:46 - 2013-06-18 15:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2010-02-28 02:55 - 2010-02-28 02:55 - 01040736 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate 
Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: FingerPrinter Reader Description: FingerPrinter Reader Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. 
hr=0x80072EE7 Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (02/13/2014 07:47:56 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {cddba2f9-50de-40c6-8df1-ef44051a25e6} Error: (02/12/2014 10:56:49 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a9e2df2-af72-4e0c-8a98-fb26589c4b75} System errors: ============= Error: (02/13/2014 08:56:13 AM) (Source: BTHUSB) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Error: (02/12/2014 11:41:38 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "kwxjrvfe" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/12/2014 10:50:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243 Microsoft Office Sessions: ========================= Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 09:03:44:900) 00030001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com) 00030002(0x00000000, 09:03:44:900 - 0) 00040001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com) 00040002(0x00000000, 09:03:44:916 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 09:03:44:932 - <NULL>) 00040006(0x00000000, 09:03:44:932 - 1, hxxp://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 09:03:44:932 - 0) 00020007(0x80072EE7, 09:03:44:932) 00010002(0x80072EE7, 09:03:44:932 - <NULL>) 00010003(0x80072EE7, 09:03:44:932) Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 08:14:23:884 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 08:14:23:884) 00030001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com) 00030002(0x00000000, 08:14:23:899 - 0) 00040001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com) 00040002(0x00000000, 08:14:23:915 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 08:14:23:930 - <NULL>) 00040006(0x00000000, 08:14:23:930 - 1, 
hxxp://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 08:14:23:930 - 0) 00020007(0x80072EE7, 08:14:23:930) 00010002(0x80072EE7, 08:14:23:930 - <NULL>) 00010003(0x80072EE7, 08:14:23:930) Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 07:56:10:340 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 07:56:10:355) 00030001(0x00000000, 07:56:10:371 - hxxp://go.microsoft.com) 00030002(0x00000000, 07:56:10:371 - 0) 00040001(0x00000000, 07:56:10:371 - hxxp://go.microsoft.com) 00040002(0x00000000, 07:56:10:371 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 07:56:10:402 - <NULL>) 00040006(0x00000000, 07:56:10:402 - 1, hxxp://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 07:56:10:402 - 0) 00020007(0x80072EE7, 07:56:10:402) 00010002(0x80072EE7, 07:56:10:402 - <NULL>) 00010003(0x80072EE7, 07:56:10:402) Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 07:53:00:218 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 07:53:00:265) 00030001(0x00000000, 07:53:00:296 - hxxp://go.microsoft.com) 00030002(0x00000000, 07:53:00:296 - 0) 00040001(0x00000000, 07:53:00:296 - hxxp://go.microsoft.com) 00040002(0x00000000, 07:53:00:312 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 07:53:00:374 - <NULL>) 00040006(0x00000000, 07:53:00:374 - 1, hxxp://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 07:53:00:374 - 0) 00020007(0x80072EE7, 07:53:00:374) 00010002(0x80072EE7, 07:53:00:374 - <NULL>) 00010003(0x80072EE7, 07:53:00:374) Error: 
(02/13/2014 07:47:56 AM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {cddba2f9-50de-40c6-8df1-ef44051a25e6} Error: (02/12/2014 10:56:49 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a9e2df2-af72-4e0c-8a98-fb26589c4b75} ==================== Memory info =========================== Percentage of memory in use: 61% Total physical RAM: 2356.4 MB Available physical RAM: 909.93 MB Total Pagefile: 4711.08 MB Available Pagefile: 3020.21 MB Total Virtual: 2047.88 MB Available Virtual: 1883.36 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:81.49 GB) NTFS Drive d: () (Fixed) (Total:187.33 GB) (Free:20.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
14.02.2014, 15:02 | #10 |
/// the machine /// TB Trainer | PUP.Optional.OpenCandy found The logs only ever show the Windows drive. So you don't see the folders in Windows Explorer? Not even when you have hidden files shown?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.02.2014, 14:23 | #11 |
| PUP.Optional.OpenCandy found Showing hidden files does not display the missing folder. In DOS I can see the folder name, but, as I said, not in Windows Explorer. If I open the missing folder name by hand, it redirects me to a folder on drive D. But I can live with that for now, since fortunately I still have the data backed up elsewhere. As I wrote, I set up my system from scratch and ran Malwarebytes over it, with the following log. Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.12.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
oh :: XMP [Administrator]

Schutz: Aktiviert

17.02.2014 11:06:30
MBAM-log-2014-02-17 (13-59-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525936
Laufzeit: 2 Stunde(n), 49 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 4428 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Daten: danielnetsoftware -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 5
C:\Users\oh\AppData\Local\Temp\smartbar (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\Users\oh\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\nsaD3B9.tmp\Setup58771.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\is-FMP2J.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\dlm.exe (PUP.Optional.OpenCandy.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\GuidCreator.dll (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.exe.config (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Setup1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.

(Ende)

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014 Ran by oh (administrator) on XMP on 17-02-2014 14:21:54 Running from C:\Users\oh\Downloads Microsoft Windows 7 Ultimate (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Connectify) C:\Program Files\Connectify\ConnectifyD.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Connectify) C:\Program Files\Connectify\Connectify.exe (Connectify) C:\Program Files\Connectify\DispatchUI.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Somoto) C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe (Farbar) C:\Users\oh\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-12] (AVAST Software) HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone) HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify) HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) 
HKLM\...\Runonce: [danielnetsoftware] - [X] Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.250.40 FireFox: ======== FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\ep2r4gcc.default FF NewTab: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&um={UM} FF SelectedSearchEngine: Yahoo FF Homepage: about:home FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&q= FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-12] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-12] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-12] (AVAST Software) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone) ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-02-12] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-12] (AVAST Software) R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-12] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-12] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-12] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-12] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-12] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-12] () R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-02-13] (Connectify) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-17] (Malwarebytes Corporation) R2 TurboB; 
C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] () R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [204800 2010-04-07] (Huawei Technologies Co., Ltd.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [101504 2010-03-20] (Huawei Technologies Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-17 14:21 - 2014-02-17 14:21 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner(1).exe 2014-02-17 14:21 - 2014-02-17 14:21 - 01037530 _____ (Thisisu) C:\Users\oh\Downloads\JRT.exe 2014-02-17 14:20 - 2014-02-17 14:20 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST(1).exe 2014-02-17 11:05 - 2014-02-17 11:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-17 09:28 - 2014-02-17 09:36 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer 2014-02-17 09:28 - 2014-02-17 09:28 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple Computer 2014-02-17 09:28 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-02-17 09:27 - 2014-02-17 09:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-17 09:27 - 2014-02-17 09:28 - 00000000 ____D () C:\Program Files\iTunes 2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iPod 2014-02-17 09:26 - 2014-02-17 09:26 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple 2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-17 09:23 - 2014-02-17 09:23 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-17 09:22 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-17 09:22 - 2014-02-17 09:25 - 00000000 ____D () C:\ProgramData\Apple 2014-02-17 09:19 - 2014-02-17 09:20 - 137694544 _____ (Apple Inc.) 
C:\Users\oh\Downloads\iTunesSetup.exe 2014-02-17 09:14 - 2014-02-17 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-02-17 08:06 - 2014-02-17 09:05 - 00406917 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140217.xlsx 2014-02-17 08:06 - 2014-02-17 08:06 - 00000165 ____H () C:\Users\oh\Desktop\~$LeadGen-Businessplan_20140217.xlsx 2014-02-14 18:57 - 2014-02-17 08:05 - 00392663 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140214.xlsx 2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Users\oh\Downloads\Win7LogonBackgroundChanger 2014-02-14 15:52 - 2014-02-14 15:53 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Local\FilesFrog Update Checker 2014-02-14 15:51 - 2014-02-14 15:52 - 00002410 _____ () C:\Windows\system32\cplLogon.tsk 2014-02-14 15:51 - 2014-02-14 15:51 - 00001013 _____ () C:\Users\Public\Desktop\Logon Screen.lnk 2014-02-14 15:51 - 2014-02-14 15:51 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy 2014-02-14 15:50 - 2014-02-14 15:50 - 02218077 _____ (Daniel Rebelo ) C:\Users\oh\Downloads\Logon_Screen_2.56.exe 2014-02-14 11:04 - 2014-02-14 18:56 - 00394247 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140213.xlsx 2014-02-14 10:50 - 2011-02-19 06:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-02-14 10:31 - 2012-12-16 15:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-02-14 10:31 - 2012-12-16 15:25 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-02-14 10:29 - 
2009-09-10 06:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-02-14 09:58 - 2014-02-14 10:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-14 09:58 - 2014-02-04 19:09 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-14 09:58 - 2012-07-26 04:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-02-14 09:58 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys 2014-02-14 09:58 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll 2014-02-14 09:58 - 2012-06-02 15:34 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2014-02-14 09:57 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2014-02-14 09:57 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2014-02-14 09:57 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2014-02-14 09:57 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2014-02-14 09:57 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2014-02-14 09:57 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2014-02-14 09:57 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2014-02-14 09:57 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2014-02-14 09:55 - 2012-03-01 06:53 - 00019312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys 2014-02-14 09:55 - 2012-03-01 06:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-02-14 09:55 - 2012-03-01 06:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll 2014-02-14 
09:54 - 2014-02-14 09:54 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-02-14 09:54 - 2014-02-14 09:54 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 09:54 - 2014-02-14 09:54 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 09:54 - 2014-02-14 09:54 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-14 09:54 - 2014-02-14 09:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00223232 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft 
Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-02-14 09:54 - 2014-02-14 09:54 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-02-14 09:52 - 2014-02-14 09:55 - 00004884 _____ () C:\Windows\IE9_main.log 2014-02-14 09:51 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe 2014-02-14 09:47 - 2010-03-04 05:04 - 00146304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-02-14 09:47 - 2010-03-04 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2014-02-14 09:46 - 2010-09-14 07:07 - 00276992 _____ (Microsoft Corporation) 
- 00000000 _SHDL () C:\Users\Default\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery 2014-02-12 22:54 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-12 22:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-12 22:50 - 2014-02-17 10:58 - 01773272 _____ () C:\Windows\WindowsUpdate.log 2014-02-12 22:47 - 2014-02-12 22:49 - 00001313 _____ () C:\Windows\TSSysprep.log 2014-02-12 22:44 - 2014-02-12 22:54 - 00000000 ____D () C:\Windows\Panther 2014-02-12 22:09 - 2012-11-18 21:56 - 00325672 _____ (Broadcom Corporation) 
C:\Windows\system32\Drivers\b57nd60x.sys 2014-02-12 22:08 - 2012-11-18 21:40 - 01737272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32HP25.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00520760 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT32.sys 2014-02-12 22:08 - 2012-11-18 21:40 - 00428088 _____ (Conexant Systems, Inc.) C:\Windows\system32\CDolbyExt32.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00308128 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00301624 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32A55.dll 2014-02-12 22:08 - 2012-11-18 21:40 - 00076344 _____ (Conexant Systems, Inc.) C:\Windows\system32\FMPropPageExt.dll ==================== One Month Modified Files and Folders ======= 2014-02-17 14:22 - 2014-02-13 12:26 - 00010615 _____ () C:\Users\oh\Downloads\FRST.txt 2014-02-17 14:21 - 2014-02-17 14:21 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner(1).exe 2014-02-17 14:21 - 2014-02-17 14:21 - 01037530 _____ (Thisisu) C:\Users\oh\Downloads\JRT.exe 2014-02-17 14:21 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST 2014-02-17 14:20 - 2014-02-17 14:20 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST(1).exe 2014-02-17 14:00 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-17 14:00 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-17 11:05 - 2014-02-17 11:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-17 11:01 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-17 11:01 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-17 10:58 - 2014-02-12 22:50 - 01773272 _____ () C:\Windows\WindowsUpdate.log 2014-02-17 09:36 - 2014-02-17 09:28 - 00000000 ____D () 
C:\Users\oh\AppData\Roaming\Apple Computer 2014-02-17 09:36 - 2009-07-14 05:39 - 00028121 _____ () C:\Windows\setupact.log 2014-02-17 09:28 - 2014-02-17 09:28 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple Computer 2014-02-17 09:28 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-17 09:28 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iTunes 2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iPod 2014-02-17 09:27 - 2014-02-17 09:22 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-17 09:26 - 2014-02-17 09:26 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple 2014-02-17 09:26 - 2014-02-12 22:57 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-02-17 09:25 - 2014-02-17 09:22 - 00000000 ____D () C:\ProgramData\Apple 2014-02-17 09:23 - 2014-02-17 09:23 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-17 09:20 - 2014-02-17 09:19 - 137694544 _____ (Apple Inc.) 
C:\Users\oh\Downloads\iTunesSetup.exe 2014-02-17 09:14 - 2014-02-17 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-02-17 09:05 - 2014-02-17 08:06 - 00406917 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140217.xlsx 2014-02-17 08:06 - 2014-02-17 08:06 - 00000165 ____H () C:\Users\oh\Desktop\~$LeadGen-Businessplan_20140217.xlsx 2014-02-17 08:05 - 2014-02-14 18:57 - 00392663 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140214.xlsx 2014-02-14 18:56 - 2014-02-14 11:04 - 00394247 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140213.xlsx 2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Users\oh\Downloads\Win7LogonBackgroundChanger 2014-02-14 15:53 - 2014-02-14 15:52 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Local\FilesFrog Update Checker 2014-02-14 15:52 - 2014-02-14 15:51 - 00002410 _____ () C:\Windows\system32\cplLogon.tsk 2014-02-14 15:51 - 2014-02-14 15:51 - 00001013 _____ () C:\Users\Public\Desktop\Logon Screen.lnk 2014-02-14 15:51 - 2014-02-14 15:51 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy 2014-02-14 15:50 - 2014-02-14 15:50 - 02218077 _____ (Daniel Rebelo ) C:\Users\oh\Downloads\Logon_Screen_2.56.exe 2014-02-14 11:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-02-14 11:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-14 11:23 - 2014-02-12 23:54 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox 2014-02-14 11:04 - 2014-02-13 16:08 - 00000000 ___RD () C:\Users\oh\Dropbox 2014-02-14 10:54 - 
2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-14 10:45 - 2014-02-12 23:41 - 00086224 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-14 10:45 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-14 10:44 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh 2014-02-14 10:42 - 2009-07-14 05:33 - 00347408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-14 10:40 - 2009-07-14 09:56 - 00000000 ____D () C:\Program Files\Windows Journal 2014-02-14 10:40 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE 2014-02-14 10:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-14 10:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-02-14 10:00 - 2014-02-14 09:58 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-14 09:55 - 2014-02-14 09:52 - 00004884 _____ () C:\Windows\IE9_main.log 2014-02-14 09:54 - 2014-02-14 09:54 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-02-14 09:54 - 2014-02-14 09:54 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 09:54 - 2014-02-14 09:54 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 09:54 - 2014-02-14 09:54 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 
00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-14 09:54 - 2014-02-14 09:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00130560 _____ (Microsoft Corporation) 
C:\Windows\system32\ieakeng.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-02-14 09:54 - 2014-02-14 09:54 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00035840 _____ (Microsoft Corporation) 
C:\Windows\system32\imgutil.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-14 09:54 - 2014-02-14 09:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-02-14 09:54 - 2014-02-14 09:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-02-13 16:34 - 2014-02-13 16:33 - 00000000 ____D () C:\Program Files\XMind 2014-02-13 16:30 - 2014-02-13 16:25 - 100610688 _____ (XMind Ltd. ) C:\Users\oh\Downloads\xmind-windows-3.4.1.201401221918.exe 2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 __HDC () C:\ProgramData\{FABD1F31-EB27-47F1-AEF6-822DDBEB1A0F} 2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Users\oh\AppData\Local\PackageAware 2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Program Files\Axure 2014-02-13 16:18 - 2014-02-13 16:18 - 61846472 _____ (Axure Software Solutions, Inc. 
) C:\Users\oh\Downloads\AxureRP-Pro-Setup.exe 2014-02-13 16:11 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer 2014-02-13 16:10 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster 2014-02-13 16:08 - 2014-02-13 16:08 - 00000998 _____ () C:\Users\oh\Desktop\Dropbox.lnk 2014-02-13 13:41 - 2014-02-13 13:25 - 00000000 ____D () C:\Program Files\Connectify 2014-02-13 13:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-02-13 13:29 - 2014-02-13 13:24 - 00000000 ____D () C:\ProgramData\Connectify 2014-02-13 13:26 - 2014-02-13 13:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk 2014-02-13 13:26 - 2014-02-13 13:26 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2014-02-13 13:25 - 2014-02-13 13:25 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys 2014-02-13 12:53 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-02-13 12:45 - 2014-02-13 12:36 - 00000000 ____D () C:\AdwCleaner 2014-02-13 12:35 - 2014-02-13 12:35 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner.exe 2014-02-13 12:28 - 2014-02-13 12:27 - 00014721 _____ () C:\Users\oh\Downloads\Addition.txt 2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe 2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet 2014-02-13 09:12 - 2014-02-12 23:31 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\th-TH 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE 2014-02-13 09:12 - 
2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sl-SI 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sk-SK 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ro-RO 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lv-LV 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lt-LT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\he-IL 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\et-EE 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ar-SA 2014-02-13 09:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-02-13 09:01 - 2014-02-12 23:02 - 00006226 _____ 
() C:\Windows\PFRO.log 2014-02-13 08:59 - 2014-02-12 23:29 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel 2014-02-13 08:59 - 2014-02-12 23:28 - 00012768 _____ () C:\Windows\DPINST.LOG 2014-02-13 08:59 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files\Intel 2014-02-13 07:53 - 2014-02-13 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH 2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-02-13 07:51 - 2014-02-13 07:48 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-02-13 07:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-02-13 07:49 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew 2014-02-13 07:49 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache 2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help 2014-02-13 07:44 - 2014-02-12 23:53 - 00000000 ____D () C:\ProgramData\Vodafone 2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone 2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe 2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) 
C:\Users\oh\Downloads\Dropbox 2.6.2.exe 2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk 2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone 2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS 2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker 2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla 2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () 
C:\ProgramData\Mozilla 2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk 2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software 2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software 2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT 2014-02-12 23:33 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore 2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS 2014-02-12 23:31 - 2014-02-12 23:31 - 
03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom 2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco 2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-12 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help 2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM 2014-02-12 22:59 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver 2014-02-12 22:59 - 2014-02-12 22:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield 2014-02-12 22:56 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore 2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf 2014-02-12 22:54 - 
2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery 2014-02-12 22:54 - 2014-02-12 22:44 - 00000000 ____D () C:\Windows\Panther 2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-02-12 22:49 - 2014-02-12 22:47 - 00001313 _____ () C:\Windows\TSSysprep.log 2014-02-12 22:47 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\CSC 2014-02-12 22:47 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log 2014-02-12 22:44 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2014-02-12 22:44 - 2009-07-14 05:52 - 
00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-02-04 19:09 - 2014-02-14 09:58 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\oh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpype9hd.dll
C:\Users\oh\AppData\Local\Temp\Installer.exe
C:\Users\oh\AppData\Local\Temp\ose00000.exe
C:\Users\oh\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-13 11:43

==================== End Of Log ============================
--- --- --- --- --- ---

and Additional.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by oh at 2014-02-17 14:24:55
Running from C:\Users\oh\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Acer PowerSmart Manager (Version: 5.02.3006 - Acer Incorporated)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (Version: 9.0.2013 - Avast Software)
Axure RP Pro 7.0 (Version: 7.0.0.3146 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (Version: 7.0.0.3146 - Axure Software Solutions, Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (Version: 4.121.0.50 - Conexant)
Connectify (Version: 7.2.1.29658 - Connectify)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
FilesFrog Update Checker (Version: - ) <==== ATTENTION
HUAWEI DataCard Driver 4.05.02.00 (Version: 4.05.02.00 - Huawei technologies Co., Ltd.)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Logon Screen (Version: - Daniel Rebelo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 de) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (Version: 22.0 - Mozilla)
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6 - Intel)
Vodafone Mobile Broadband (Version: 10.3.401.43721 - Vodafone)
XMind 2013 (v3.4.1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Restore Points =========================

13-02-2014 15:11:37 Installiert Acer PowerSmart Manager
14-02-2014 08:44:36 Windows Update
14-02-2014 09:50:50 Windows Update
14-02-2014 14:54:08 TuneUp Utilities 2014 wird entfernt
14-02-2014 14:54:42 TuneUp Utilities 2014 (de-DE) wird entfernt
14-02-2014 15:47:09 Installed Windows 7 Logon Background Changer
17-02-2014 08:26:12 Installed iTunes

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00764BA5-B6F2-4ACB-8D3C-87029EA9A716} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {232EC02A-8C28-4DAA-ACC1-57FF336078A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A8F4DCF0-2159-43B5-8C60-A64185AA63BB} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-12] (AVAST Software) ==================== Loaded Modules (whitelisted) ============= 2014-02-12 23:43 - 2014-02-12 23:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll 2014-02-13 13:25 - 2013-12-23 19:59 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-02-12 23:46 - 2013-06-18 15:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: FingerPrinter Reader Description: FingerPrinter Reader Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/14/2014 04:48:33 PM) (Source: MsiInstaller) (User: xmp) Description: Product: Windows 7 Logon Background Changer -- Error 1406. Could not write value to key \Software\Classes\CLSID\{351344A7-DD78-4c98-816C-436D6FC3360A}\Shell\Open\Command. 
System error . Verify that you have sufficient access to that key, or contact your support personnel. Error: (02/14/2014 11:24:38 AM) (Source: Application Hang) (User: ) Description: Programm Dropbox.exe, Version 2.6.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 388 Startzeit: 01cf296af8dbdbf0 Endzeit: 16 Anwendungspfad: C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe Berichts-ID: Error: (02/14/2014 10:22:05 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 5.2.3006.0, Zeitstempel: 0x4cf88cd5 Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 5.2.3006.0, Zeitstempel: 0x4cf88cd5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000079a0 ID des fehlerhaften Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0 Pfad der fehlerhaften Anwendung: ePowerSvc.exe1 Pfad des fehlerhaften Moduls: ePowerSvc.exe2 Berichtskennung: ePowerSvc.exe3 Error: (02/13/2014 04:11:37 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {52c7847a-c2af-45db-bef4-d9a7312b4724} Error: (02/13/2014 04:11:23 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000097fb ID des fehlerhaften Prozesses: 0x7e4 Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0 Pfad der fehlerhaften Anwendung: ePowerSvc.exe1 Pfad des fehlerhaften Moduls: ePowerSvc.exe2 Berichtskennung: ePowerSvc.exe3 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: ) Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7 System errors: ============= Error: (02/17/2014 09:23:18 AM) (Source: ipnathlp) (User: ) Description: 192.168.243.1192.168.173.0255.255.255.0 Error: (02/14/2014 03:54:25 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (02/14/2014 03:52:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/14/2014 10:55:17 AM) (Source: ipnathlp) (User: ) Description: 192.168.243.1192.168.173.0255.255.255.0 Error: (02/14/2014 10:47:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2703157) Error: (02/14/2014 10:47:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows*7 (KB2598845) Error: (02/14/2014 10:44:42 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405 Error: (02/14/2014 10:43:41 AM) (Source: ipnathlp) (User: ) Description: 192.168.243.1192.168.173.0255.255.255.0 Error: (02/14/2014 10:37:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (02/14/2014 10:22:19 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (02/14/2014 04:48:33 PM) (Source: MsiInstaller)(User: xmp) Description: Product: Windows 7 Logon Background Changer -- Error 1406. Could not write value to key \Software\Classes\CLSID\{351344A7-DD78-4c98-816C-436D6FC3360A}\Shell\Open\Command. System error . 
Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/14/2014 11:24:38 AM) (Source: Application Hang)(User: ) Description: Dropbox.exe2.6.2.038801cf296af8dbdbf016C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe Error: (02/14/2014 10:22:05 AM) (Source: Application Error)(User: ) Description: ePowerSvc.exe5.2.3006.04cf88cd5ePowerSvc.exe5.2.3006.04cf88cd5c0000005000079a0119001cf28cdf27c3ce3C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe77f10e45-9559-11e3-b843-60eb698d14b8 Error: (02/13/2014 04:11:37 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {52c7847a-c2af-45db-bef4-d9a7312b4724} Error: (02/13/2014 04:11:23 PM) (Source: Application Error)(User: ) Description: ePowerSvc.exe5.0.3009.04d241b0fePowerSvc.exe5.0.3009.04d241b0fc0000005000097fb7e401cf28b72fccd2b9C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exeC:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe198e1689-94c1-11e3-b843-60eb698d14b8 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 09:03:44:900) 00030001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com) 00030002(0x00000000, 09:03:44:900 - 0) 00040001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com) 00040002(0x00000000, 09:03:44:916 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 09:03:44:932 - <NULL>) 00040006(0x00000000, 09:03:44:932 - 1, hxxp://go.microsoft.com, <NULL>, <local>) 
00020005(0x00000000, 09:03:44:932 - 0) 00020007(0x80072EE7, 09:03:44:932) 00010002(0x80072EE7, 09:03:44:932 - <NULL>) 00010003(0x80072EE7, 09:03:44:932) Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 08:14:23:884 - hxxp://go.microsoft.com/fwlink/?LinkID=120748) 00020001(0x00000000, 08:14:23:884) 00030001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com) 00030002(0x00000000, 08:14:23:899 - 0) 00040001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com) 00040002(0x00000000, 08:14:23:915 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 08:14:23:930 - <NULL>) 00040006(0x00000000, 08:14:23:930 - 1, hxxp://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 08:14:23:930 - 0) 00020007(0x80072EE7, 08:14:23:930) 00010002(0x80072EE7, 08:14:23:930 - <NULL>) 00010003(0x80072EE7, 08:14:23:930) Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: ) Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210 ==================== Memory info =========================== Percentage of memory in use: 62% Total physical RAM: 2356.4 MB Available physical RAM: 892.43 MB Total Pagefile: 4711.08 MB Available Pagefile: 2216.64 MB Total Virtual: 2047.88 MB Available Virtual: 1924.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.66 GB) (Free:67.71 GB) NTFS Drive d: () (Fixed) (Total:187.33 GB) (Free:9.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - 
(Type=07 NTFS) Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.02.2014, 11:52 | #12 |
/// the machine /// TB Trainer | PUP.Optional.OpenCandy found Is the MBAM scan from AFTER the reinstall?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
18.02.2014, 13:30 | #13 |
| PUP.Optional.OpenCandy found In the meantime I have already reinstalled a few programs, including one that lets you customize the login screen. Something else got installed along with it. I have just uninstalled that program and am running another scan. If need be, I'll just set the system up again. I'm in practice at the moment, after all. I'll get back to you as soon as the scan is finished. |
19.02.2014, 12:18 | #14 |
/// the machine /// TB Trainer | PUP.Optional.OpenCandy found ok |
19.02.2014, 14:17 | #15 |
| PUP.Optional.OpenCandy found Right, here is the new log file. It didn't get any better. What can I do now to get rid of these annoying trojans? Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.12.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 oh :: XMP [Administrator] Schutz: Aktiviert 18.02.2014 17:24:36 MBAM-log-2014-02-19 (14-10-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 525110 Laufzeit: 17 Stunde(n), 41 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 5 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 3 C:\Users\oh\AppData\Local\Temp\smartbar (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. Infizierte Dateien: 5 C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Local\Temp\smartbar\GuidCreator.dll (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Local\Temp\smartbar\Installer.exe.config (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt. C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. (Ende) |