Hitmanpro findet Proxyserver auf diesem Computer (Benutzer)

Mavang · 18.06.2014, 12:53

Hallo erstmal,

so nun zu dem Problem das ich habe. Ich fange am besten am Anfang. Ich hatte mir gestern Abend ein Programm heruntergeladen welches meinen Computer mit PUP.Optional.Amonetize infiziert hat. Das hat unter anderem dafür gesorgt, das sich beim Hochfahren der Internetexplorer geöffnet hat (Nur im Taskmanager zu sehen) und irgendwelche Werbung abgespielt hat.

Daraufhin habe ich das Problem gegoogelt und bin auf einen Thread auf Trojanerboard gestoßen, dessen Verfasser das selbe Problem hatte. Ich habe mir also alles durchgelesen und folgende Programme installiert:

Hitmanpro
Malwarebytes Anti-Malware
Adwcleaner
Malwarebytes Anti Rootkit

Installiert als Antivirenprogramm ist Avast free Antivirus. Welches den Schädlig bei einem Scan aber nicht finden konnte.

Malwarebytes hat den Schädling dann ausfindig gemacht hier der erste ScanLog

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 18.06.2014
Scan Time: 00:01:02
Logfile: 1 Scanlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.17.12
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marvin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268897
Time Elapsed: 14 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{E8734BB5-FFD7-464D-A4C3-FD9E1659AEA1}, Quarantined, [c7c995e4b4c71620996cb490af51c63a], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{F86EF831-4042-41D3-937F-960DC8A0A474}, Quarantined, [c7c995e4b4c71620996cb490af51c63a], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F86EF831-4042-41D3-937F-960DC8A0A474}, Quarantined, [c7c995e4b4c71620996cb490af51c63a], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E8734BB5-FFD7-464D-A4C3-FD9E1659AEA1}, Quarantined, [c7c995e4b4c71620996cb490af51c63a], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Amonetize, C:\Users\Marvin\AppData\Local\Temp\GotClipDownloader__6629_i893917402_il823.exe, Quarantined, [2b658eebee8d65d115f08fb5d52b9868], 
PUP.Optional.Amonetize, C:\Users\Marvin\Downloads\GotClipDownloader__6629_i893917402_il823.exe, Quarantined, [c7c995e4b4c71620996cb490af51c63a], 

Physical Sectors: 0
(No malicious items detected)

(end)

Daraufhin hat Malwarebytes Anti Malware es in Quarantäne geschoben( Ist immernoch in Quarantäne ). Das hat aber leider das Problem nicht vollständig gelöst, da die Werbung immernoch startete. Also habe ich Hitmanpro installiert welches viele Tracking Cookies gefunden hatte und auch eine PUP Datei gefunden. Hier der erste Log

Code:

ATTFilter

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : MARVIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/3
   User name . . . . . . : Marvin-PC\Marvin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2014-06-18 00:07:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 43s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 119

   Objects scanned . . . : 1.344.570
   Files scanned . . . . : 20.763
   Remnants scanned  . . : 320.420 files / 1.003.387 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\speedupmypc\ (SpeedUpMyPC) -> Deleted

Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51669

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51669

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51669


Cookies _____________________________________________________________________

   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.dyntracker.de
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.reklamport.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.brandwire.tv
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.readms.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.smartstream.tv
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.hatcolorsoft.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.pgmediaserve.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:gmeurope.112.2o7.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.computecmedia.de
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:3276817.fls.doubleclick.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.360yield.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.movad.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ad.zanox.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.ad4game.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.adk2.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.displayincloud.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.escinteractive.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.p161.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.readms.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.smartstream.tv
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.testroom-service.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.travelaudience.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.undertone.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:adtech.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:adtechus.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:advertising.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:at.atwola.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:atdmt.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:atwola.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:burstnet.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:casalemedia.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:doubleclick.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:emjcd.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:engine.pgmediaserve.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ero-advertising.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:exoclick.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:fastclick.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:hearstdigital.122.2o7.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ikea.122.2o7.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:internetselection.solution.weborama.fr
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:media6degrees.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:mediaplex.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:premiumtv.122.2o7.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:questionmarket.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:revsci.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ru4.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:serving-sys.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:smartadserver.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:spylog.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:statcounter.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:track.adform.net
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:track.tnm.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:track.zalando.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:tradedoubler.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:tribalfusion.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:uk.at.atwola.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:weborama.fr
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:www.etracker.de
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:www4.smartadserver.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:xiti.com
   C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\cookies.sqlite:zedo.com

Diese Datei wurde in Quaratäne verschoben und gelöscht.

Um sicher zu gehen habe ich noch Adwcleaner installiert, welche auch etwas gefunden hat.
Hier der erste Log

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 18/06/2014 um 00:50:42
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marvin - MARVIN-PC
# Gestartet von : C:\Users\Marvin\Downloads\adwcleaner_3.212.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Ordner Gefunden : C:\Users\Marvin\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\Marvin\AppData\Roaming\InetStat
Ordner Gefunden : C:\Users\Marvin\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gefunden : HKLM\Software\Uniblue
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [1889 octets] - [18/06/2014 00:50:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1949 octets] ##########

Hier noch der Quarantäne Log

Code:

ATTFilter

C:\Users\Marvin\AppData\Local\Temp\OCS\ehzadckhaqkvdhvv.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ehzadckhaqkvdhvv.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\eofgbssfurjtzdhf.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\eofgbssfurjtzdhf.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\hkcmkjngjgatcmch.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\hkcmkjngjgatcmch.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\lpqnmsrlvmkfvyxn.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\lpqnmsrlvmkfvyxn.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\ocs_v71a.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ocs_v71a.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\ocs_v71b.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ocs_v71b.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\ofblgwzdtomcqxss.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ofblgwzdtomcqxss.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\taehandjxpyzivbk.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\taehandjxpyzivbk.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\tobdyfnskplyagib.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\tobdyfnskplyagib.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\vhyfpsrniuzdgzse.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\vhyfpsrniuzdgzse.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\vvszcvqsnsnpsemy.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\vvszcvqsnsnpsemy.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\ypehaibjsstbqfxc.dat->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ypehaibjsstbqfxc.dat.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\ea75b2293dd1fdf7a365163e7381cfb2\Rise_of_Legends_Demo.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\ea75b2293dd1fdf7a365163e7381cfb2\Rise_of_Legends_Demo.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\e63d23bb06204a88e132a0c69b0c53ae\warzone2100-3.1.1.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\e63d23bb06204a88e132a0c69b0c53ae\warzone2100-3.1.1.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\d229a55e32e221fd3f8889f891a548c8\openttd-1.4.1-windows-win64.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\d229a55e32e221fd3f8889f891a548c8\openttd-1.4.1-windows-win64.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a9d0a8fda4be268b2def8748d4a5072a\openttd-1.4.1-windows-win32.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a9d0a8fda4be268b2def8748d4a5072a\openttd-1.4.1-windows-win32.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a3937b3501088b7b9b06ef18008de960\reproins12.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\a3937b3501088b7b9b06ef18008de960\reproins12.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\6f0598926ff1d778b9ad354e0d2cd07e\IconInstaller.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\6f0598926ff1d778b9ad354e0d2cd07e\IconInstaller.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\635e5489064fe0b451850a9c746595d2\TinyPicSetup.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\635e5489064fe0b451850a9c746595d2\TinyPicSetup.exe.vir
C:\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\1e8bf49cfca86fff7989f3d2b4775191\RedEye18.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\1e8bf49cfca86fff7989f3d2b4775191\RedEye18.exe.vir
C:\Users\Marvin\AppData\Roaming\InetStat\inetstat.exe->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Roaming\InetStat\inetstat.exe.vir
C:\Users\Marvin\AppData\Roaming\pdfforge\Images2PDF\Images2PDF.settings->C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Roaming\pdfforge\Images2PDF\Images2PDF.settings.vir
C:\END->C:\AdwCleaner\Quarantine\C\END.vir

So danach hat Adwcleaner die meisten Sachen löschen können. Nur leider nicht folgende Sachen die bei den Scans danach aufgefallen sind.

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 18/06/2014 um 01:00:02
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marvin - MARVIN-PC
# Gestartet von : C:\Users\Marvin\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\a9inxp0c.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2033 octets] - [18/06/2014 00:50:42]
AdwCleaner[R1].txt - [1064 octets] - [18/06/2014 00:59:14]
AdwCleaner[S0].txt - [2048 octets] - [18/06/2014 00:52:38]
AdwCleaner[S1].txt - [987 octets] - [18/06/2014 01:00:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1046 octets] ##########

Daruafhin habe ich wahrscheinlich einen Fehler gemacht und die Dateien die der Adwcleaner gefunden hat manuell gelöscht. (Google Chrome auch komplett deinsatlliert)

Nach diesem ganzen nervenaufreibenden Abend und Morgen dachte ich nun es wäre vorbei.
Aber leider meldet mir Hitmanpro bei jedem Scan zwei Proxyserver auf diesem Computer.
Hier der letzte Log

Code:

ATTFilter

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : MARVIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/3
   User name . . . . . . : Marvin-PC\Marvin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2014-06-18 12:57:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1.293.466
   Files scanned . . . . : 16.563
   Remnants scanned  . . : 294.674 files / 982.229 keys

Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51669

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51669

Nun ist meine Frage sind das Reste von diesem PUP Dateien und sind diese gefährlich? Wenn ja wie kann ich sie löschen?

Vielen Dank schon mal im Vorraus

Mit freundlichen Grüßen

Mavang

P.S: Ich muss einfach noch ein Lob aussprechen. Wie viel Mühe sich die Admins und auch die User in diesem Forum machen um Leuten bei ihren Problemen zu helfen finde ich echt klasse.

schrauber · 18.06.2014, 13:17

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Mavang · 18.06.2014, 13:31

Hallo,

danke für deine schnelle Antwort. Hier die beiden FRST Scans

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Marvin (administrator) on MARVIN-PC on 18-06-2014 14:28:08
Running from C:\Users\Marvin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-17] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1510567587-1030786161-79826142-1001\...\Run: [Spotify] => C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-17] (Spotify Ltd)
HKU\S-1-5-21-1510567587-1030786161-79826142-1001\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-17] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x404BD892E232CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-17] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-18] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-17] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 14:28 - 2014-06-18 14:28 - 00010672 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-06-18 14:27 - 2014-06-18 14:28 - 00000000 ____D () C:\FRST
2014-06-18 14:27 - 2014-06-18 14:27 - 02081280 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-06-18 13:10 - 2014-06-18 13:10 - 00001864 _____ () C:\Users\Marvin\Desktop\HitmanPro_20140618_1310.log
2014-06-18 12:44 - 2014-06-18 12:44 - 02347384 _____ (ESET) C:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe
2014-06-18 12:44 - 2014-06-18 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 12:22 - 2014-06-18 12:22 - 00275336 _____ () C:\Windows\Minidump\061814-36800-01.dmp
2014-06-18 01:40 - 2014-06-18 01:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 01:38 - 2014-06-18 01:38 - 00284288 _____ (Mozilla) C:\Users\Marvin\Downloads\Firefox Setup Stub 30.0.exe
2014-06-18 01:38 - 2014-06-18 01:38 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-06-18 01:25 - 2014-06-18 01:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 01:24 - 2014-06-18 01:25 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-06-18 00:57 - 2014-06-18 00:58 - 00275336 _____ () C:\Windows\Minidump\061814-16770-01.dmp
2014-06-18 00:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-18 00:50 - 2014-06-18 12:24 - 00000000 ____D () C:\AdwCleaner
2014-06-18 00:50 - 2014-06-18 00:50 - 01333465 _____ () C:\Users\Marvin\Downloads\adwcleaner_3.212.exe
2014-06-18 00:41 - 2014-06-18 02:18 - 00000000 ____D () C:\Users\Marvin\Desktop\mbar
2014-06-18 00:41 - 2014-06-18 02:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 00:40 - 2014-06-18 00:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Marvin\Downloads\mbar-1.07.0.1012.exe
2014-06-18 00:07 - 2014-06-18 00:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 00:06 - 2014-06-18 00:06 - 10971424 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\hitmanpro_x64.exe
2014-06-18 00:00 - 2014-06-18 13:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 23:59 - 2014-06-18 02:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 23:59 - 2014-06-17 23:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 23:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 23:58 - 2014-06-17 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marvin\Downloads\mbamsetup_20730.exe
2014-06-17 23:44 - 2014-06-17 23:45 - 01258032 _____ () C:\Users\Marvin\Downloads\avg_remover_bootkit.exe
2014-06-17 23:43 - 2014-06-17 23:43 - 11423432 _____ (Bitdefender LLC) C:\Users\Marvin\Downloads\BootkitRemoval_x64.exe
2014-06-17 23:40 - 2014-06-17 23:40 - 15258612 _____ () C:\Users\Marvin\Downloads\Rootkit_Remover_3022.zip
2014-06-17 23:39 - 2014-06-17 23:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Bitdefender Rootkit Remover - CHIP-Installer.exe
2014-06-17 23:16 - 2014-06-17 23:16 - 00262144 _____ () C:\Windows\Minidump\061714-21918-01.dmp
2014-06-17 22:18 - 2014-06-17 23:08 - 00000000 ____D () C:\Users\Marvin\Documents\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:17 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 64 Bit - CHIP-Installer.exe
2014-06-17 22:17 - 2014-06-17 22:17 - 00000796 _____ () C:\Users\Public\Desktop\OpenTTD.lnk
2014-06-17 22:17 - 2014-06-17 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-06-17 22:16 - 2014-06-17 22:16 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 32 Bit - CHIP-Installer.exe
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieUserList
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieSiteList
2014-06-17 21:49 - 2014-06-17 21:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 21:49 - 2014-06-17 21:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 20:40 - 2014-06-17 20:45 - 00000000 ____D () C:\Users\Marvin\Documents\My Games
2014-06-17 20:40 - 2014-06-17 20:45 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:40 - 2014-06-17 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:40 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 20:39 - 2014-06-17 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-06-17 20:28 - 2014-06-17 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Demo Rise of Nations Rise of Legends - CHIP-Installer.exe
2014-06-17 20:21 - 2014-06-17 20:21 - 00000000 ____D () C:\Users\Marvin\Documents\Warzone 2100 3.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00001094 _____ () C:\Users\Public\Desktop\Warzone 2100-3.1.1.lnk
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-17 20:19 - 2014-06-17 20:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Warzone 2100 - CHIP-Installer.exe
2014-06-16 13:53 - 2014-06-16 13:54 - 26201511 _____ () C:\Users\Marvin\Desktop\UST Skript.zip
2014-06-15 22:02 - 2014-06-15 22:02 - 00605935 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b (1).pptx
2014-06-15 22:02 - 2014-06-15 22:02 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10 (1).pptx
2014-06-15 21:47 - 2014-06-15 22:01 - 00594521 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00563347 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version11.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10.pptx
2014-06-15 21:45 - 2014-06-15 21:45 - 00615646 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12 (1).pptx
2014-06-15 21:24 - 2014-06-15 21:36 - 00604382 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12.pptx
2014-06-14 14:02 - 2014-06-14 14:02 - 00099840 _____ () C:\Users\Marvin\Downloads\SWOT_Analyse_06_2013.xls
2014-06-14 13:57 - 2014-06-14 14:27 - 00362427 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 4.pptx
2014-06-12 12:51 - 2014-06-12 12:51 - 00275336 _____ () C:\Windows\Minidump\061214-16364-01.dmp
2014-06-12 12:00 - 2014-06-13 21:59 - 00292435 _____ () C:\Users\Marvin\Desktop\Zinsstrukturkurven und Credit Spread 1.1.pptx
2014-06-12 11:54 - 2014-06-12 11:54 - 00275336 _____ () C:\Windows\Minidump\061214-16832-01.dmp
2014-06-12 11:50 - 2014-06-12 11:50 - 00000000 ____D () C:\Users\Marvin\AppData\OICE_15_974FA576_32C1D314_2FA6
2014-06-12 09:21 - 2014-06-12 09:21 - 00000165 ____H () C:\Users\Marvin\Desktop\~$Zinsstrukturkurven und Credit Spread.pptx
2014-06-11 15:30 - 2014-06-12 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:07 - 2014-06-11 14:07 - 01760822 _____ () C:\Users\Marvin\Downloads\4.5 Aktuelle Entwicklung auf den Finanzmärkten-1.pptx
2014-06-11 13:36 - 2014-06-11 13:36 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (2).pptx
2014-06-11 13:31 - 2014-06-11 13:31 - 03575808 _____ () C:\Users\Marvin\Downloads\3.2 Finanzplanung 30.05.2014.ppt
2014-06-11 13:31 - 2014-06-11 13:31 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (1).pptx
2014-06-11 13:27 - 2014-06-11 13:27 - 01180160 _____ () C:\Users\Marvin\Downloads\3.3 Portfoliotheorie_30.5.2014.ppt
2014-06-11 13:27 - 2014-06-11 13:27 - 00516096 _____ () C:\Users\Marvin\Downloads\4.1 Bankenstruktur Präsentation.ppt
2014-06-11 13:26 - 2014-06-11 13:26 - 00204135 _____ () C:\Users\Marvin\Downloads\1.3  Fremdfinanzierung mit Effekten - Michael Bohrmann.pptx
2014-06-11 13:25 - 2014-06-11 13:25 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf.pptx
2014-06-11 13:24 - 2014-06-11 13:24 - 00275023 _____ () C:\Users\Marvin\Downloads\1.3 Kreditfinanzierung - Al-sharqi.pptx
2014-06-11 12:02 - 2014-06-11 12:02 - 01236480 _____ () C:\Users\Marvin\Downloads\Geld_5.ppt
2014-06-11 12:02 - 2014-06-11 12:02 - 00975360 _____ () C:\Users\Marvin\Downloads\Geld_6.ppt
2014-06-11 11:59 - 2014-06-11 11:59 - 01243136 _____ () C:\Users\Marvin\Downloads\Geld_7.ppt
2014-06-11 08:22 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:22 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:22 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 08:22 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:22 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:22 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:22 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 08:22 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:22 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:22 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 08:22 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:22 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 08:22 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 08:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:22 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 08:22 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:22 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:22 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:22 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 08:22 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:22 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:22 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 08:22 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:22 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 08:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:22 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:22 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:22 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:22 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 08:22 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:22 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 08:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 08:22 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 08:22 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:22 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 08:22 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:22 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:22 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 08:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:22 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:22 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:22 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 08:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 08:22 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:22 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 08:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 08:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 08:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 08:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 08:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 08:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 08:22 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-06 13:26 - 2014-06-06 13:26 - 00262144 _____ () C:\Windows\Minidump\060614-42104-01.dmp
2014-05-24 18:27 - 2014-05-24 18:27 - 00275336 _____ () C:\Windows\Minidump\052414-20108-01.dmp
2014-05-24 18:12 - 2014-05-24 18:12 - 00000222 _____ () C:\Users\Marvin\Desktop\Neverwinter.url
2014-05-24 18:01 - 2014-06-17 20:40 - 00094259 _____ () C:\Windows\DirectX.log
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\Documents\Spiele
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Gas Powered Games
2014-05-24 17:38 - 2014-05-24 17:38 - 00000221 _____ () C:\Users\Marvin\Desktop\Supreme Commander 2.url
2014-05-22 14:17 - 2014-05-22 14:17 - 00262144 _____ () C:\Windows\Minidump\052214-15490-01.dmp
2014-05-20 13:28 - 2014-05-20 13:28 - 00000000 ____D () C:\Users\Marvin\Documents\Cities In Motion
2014-05-20 13:07 - 2014-05-20 13:07 - 00262144 _____ () C:\Windows\Minidump\052014-15849-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-18 14:28 - 2014-06-18 14:28 - 00010672 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-06-18 14:28 - 2014-06-18 14:27 - 00000000 ____D () C:\FRST
2014-06-18 14:28 - 2014-02-26 13:01 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Temp
2014-06-18 14:27 - 2014-06-18 14:27 - 02081280 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-06-18 14:27 - 2014-04-02 17:43 - 00152958 _____ () C:\Windows\setupact.log
2014-06-18 14:26 - 2014-02-26 13:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 14:02 - 2014-03-18 13:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 13:14 - 2014-06-18 00:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 13:10 - 2014-06-18 13:10 - 00001864 _____ () C:\Users\Marvin\Desktop\HitmanPro_20140618_1310.log
2014-06-18 13:02 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 13:02 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 12:58 - 2014-02-26 13:01 - 01833677 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 12:55 - 2014-02-26 17:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify
2014-06-18 12:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 12:44 - 2014-06-18 12:44 - 02347384 _____ (ESET) C:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe
2014-06-18 12:44 - 2014-06-18 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 12:24 - 2014-06-18 00:50 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:22 - 2014-06-18 12:22 - 00275336 _____ () C:\Windows\Minidump\061814-36800-01.dmp
2014-06-18 12:22 - 2014-04-05 11:58 - 383190026 _____ () C:\Windows\MEMORY.DMP
2014-06-18 12:22 - 2014-03-03 14:06 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 12:19 - 2014-04-03 11:20 - 00015286 _____ () C:\Windows\PFRO.log
2014-06-18 11:54 - 2014-02-26 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 02:18 - 2014-06-18 00:41 - 00000000 ____D () C:\Users\Marvin\Desktop\mbar
2014-06-18 02:18 - 2014-06-18 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 02:18 - 2014-06-17 23:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 01:40 - 2014-06-18 01:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 01:40 - 2014-03-18 13:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-18 01:40 - 2014-02-28 15:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-18 01:40 - 2014-02-28 15:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-18 01:38 - 2014-06-18 01:38 - 00284288 _____ (Mozilla) C:\Users\Marvin\Downloads\Firefox Setup Stub 30.0.exe
2014-06-18 01:38 - 2014-06-18 01:38 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-06-18 01:38 - 2014-05-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 01:35 - 2014-02-26 13:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-18 01:25 - 2014-06-18 01:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 01:25 - 2014-06-18 01:24 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-06-18 01:09 - 2014-04-27 21:58 - 00000000 ____D () C:\Program Files (x86)\Red Eye Remover Pro
2014-06-18 00:58 - 2014-06-18 00:57 - 00275336 _____ () C:\Windows\Minidump\061814-16770-01.dmp
2014-06-18 00:50 - 2014-06-18 00:50 - 01333465 _____ () C:\Users\Marvin\Downloads\adwcleaner_3.212.exe
2014-06-18 00:41 - 2014-06-18 00:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Marvin\Downloads\mbar-1.07.0.1012.exe
2014-06-18 00:18 - 2014-02-26 17:18 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify
2014-06-18 00:15 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 00:14 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 00:06 - 2014-06-18 00:06 - 10971424 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\hitmanpro_x64.exe
2014-06-17 23:59 - 2014-06-17 23:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 23:58 - 2014-06-17 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marvin\Downloads\mbamsetup_20730.exe
2014-06-17 23:45 - 2014-06-17 23:44 - 01258032 _____ () C:\Users\Marvin\Downloads\avg_remover_bootkit.exe
2014-06-17 23:43 - 2014-06-17 23:43 - 11423432 _____ (Bitdefender LLC) C:\Users\Marvin\Downloads\BootkitRemoval_x64.exe
2014-06-17 23:40 - 2014-06-17 23:40 - 15258612 _____ () C:\Users\Marvin\Downloads\Rootkit_Remover_3022.zip
2014-06-17 23:39 - 2014-06-17 23:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Bitdefender Rootkit Remover - CHIP-Installer.exe
2014-06-17 23:16 - 2014-06-17 23:16 - 00262144 _____ () C:\Windows\Minidump\061714-21918-01.dmp
2014-06-17 23:08 - 2014-06-17 22:18 - 00000000 ____D () C:\Users\Marvin\Documents\OpenTTD
2014-06-17 22:18 - 2014-06-17 22:17 - 00000000 ____D () C:\Program Files\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:17 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 64 Bit - CHIP-Installer.exe
2014-06-17 22:17 - 2014-06-17 22:17 - 00000796 _____ () C:\Users\Public\Desktop\OpenTTD.lnk
2014-06-17 22:17 - 2014-06-17 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-06-17 22:16 - 2014-06-17 22:16 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 32 Bit - CHIP-Installer.exe
2014-06-17 22:06 - 2014-03-01 23:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieUserList
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieSiteList
2014-06-17 21:51 - 2014-02-26 13:08 - 00116216 _____ () C:\Users\Marvin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 21:50 - 2009-07-14 06:45 - 00459448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:49 - 2014-06-17 21:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 21:49 - 2014-06-17 21:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 21:49 - 2014-02-27 13:56 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-06-17 21:49 - 2014-02-26 13:10 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-17 21:49 - 2014-02-26 13:09 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-17 21:49 - 2014-02-26 13:09 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-17 21:34 - 2014-02-26 13:48 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PMB Files
2014-06-17 20:55 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 20:55 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 20:55 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 20:45 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\Documents\My Games
2014-06-17 20:45 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:45 - 2014-06-17 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:45 - 2014-06-17 20:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-06-17 20:45 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 20:40 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 20:40 - 2014-05-24 18:01 - 00094259 _____ () C:\Windows\DirectX.log
2014-06-17 20:40 - 2014-02-26 23:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-17 20:28 - 2014-06-17 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Demo Rise of Nations Rise of Legends - CHIP-Installer.exe
2014-06-17 20:21 - 2014-06-17 20:21 - 00000000 ____D () C:\Users\Marvin\Documents\Warzone 2100 3.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00001094 _____ () C:\Users\Public\Desktop\Warzone 2100-3.1.1.lnk
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-17 20:19 - 2014-06-17 20:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Warzone 2100 - CHIP-Installer.exe
2014-06-16 13:54 - 2014-06-16 13:53 - 26201511 _____ () C:\Users\Marvin\Desktop\UST Skript.zip
2014-06-15 22:02 - 2014-06-15 22:02 - 00605935 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b (1).pptx
2014-06-15 22:02 - 2014-06-15 22:02 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10 (1).pptx
2014-06-15 22:01 - 2014-06-15 21:47 - 00594521 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00563347 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version11.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10.pptx
2014-06-15 21:45 - 2014-06-15 21:45 - 00615646 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12 (1).pptx
2014-06-15 21:36 - 2014-06-15 21:24 - 00604382 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12.pptx
2014-06-14 14:27 - 2014-06-14 13:57 - 00362427 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 4.pptx
2014-06-14 14:02 - 2014-06-14 14:02 - 00099840 _____ () C:\Users\Marvin\Downloads\SWOT_Analyse_06_2013.xls
2014-06-13 21:59 - 2014-06-12 12:00 - 00292435 _____ () C:\Users\Marvin\Desktop\Zinsstrukturkurven und Credit Spread 1.1.pptx
2014-06-13 11:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 10:42 - 2014-04-29 14:10 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbung
2014-06-12 12:51 - 2014-06-12 12:51 - 00275336 _____ () C:\Windows\Minidump\061214-16364-01.dmp
2014-06-12 11:54 - 2014-06-12 11:54 - 00275336 _____ () C:\Windows\Minidump\061214-16832-01.dmp
2014-06-12 11:50 - 2014-06-12 11:50 - 00000000 ____D () C:\Users\Marvin\AppData\OICE_15_974FA576_32C1D314_2FA6
2014-06-12 10:56 - 2014-06-11 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 09:21 - 2014-06-12 09:21 - 00000165 ____H () C:\Users\Marvin\Desktop\~$Zinsstrukturkurven und Credit Spread.pptx
2014-06-12 00:09 - 2014-02-28 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:08 - 2014-02-28 15:53 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 15:12 - 2014-02-26 13:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-11 14:07 - 2014-06-11 14:07 - 01760822 _____ () C:\Users\Marvin\Downloads\4.5 Aktuelle Entwicklung auf den Finanzmärkten-1.pptx
2014-06-11 13:36 - 2014-06-11 13:36 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (2).pptx
2014-06-11 13:31 - 2014-06-11 13:31 - 03575808 _____ () C:\Users\Marvin\Downloads\3.2 Finanzplanung 30.05.2014.ppt
2014-06-11 13:31 - 2014-06-11 13:31 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (1).pptx
2014-06-11 13:27 - 2014-06-11 13:27 - 01180160 _____ () C:\Users\Marvin\Downloads\3.3 Portfoliotheorie_30.5.2014.ppt
2014-06-11 13:27 - 2014-06-11 13:27 - 00516096 _____ () C:\Users\Marvin\Downloads\4.1 Bankenstruktur Präsentation.ppt
2014-06-11 13:26 - 2014-06-11 13:26 - 00204135 _____ () C:\Users\Marvin\Downloads\1.3  Fremdfinanzierung mit Effekten - Michael Bohrmann.pptx
2014-06-11 13:25 - 2014-06-11 13:25 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf.pptx
2014-06-11 13:24 - 2014-06-11 13:24 - 00275023 _____ () C:\Users\Marvin\Downloads\1.3 Kreditfinanzierung - Al-sharqi.pptx
2014-06-11 12:02 - 2014-06-11 12:02 - 01236480 _____ () C:\Users\Marvin\Downloads\Geld_5.ppt
2014-06-11 12:02 - 2014-06-11 12:02 - 00975360 _____ () C:\Users\Marvin\Downloads\Geld_6.ppt
2014-06-11 11:59 - 2014-06-11 11:59 - 01243136 _____ () C:\Users\Marvin\Downloads\Geld_7.ppt
2014-06-06 13:26 - 2014-06-06 13:26 - 00262144 _____ () C:\Windows\Minidump\060614-42104-01.dmp
2014-06-03 10:49 - 2014-05-13 17:43 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbungsunterlagen
2014-05-30 12:21 - 2014-06-11 08:22 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 08:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 08:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 08:22 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 08:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 08:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 08:22 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 08:22 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 08:22 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 08:22 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 08:22 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 08:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 08:22 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 08:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 08:22 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 08:22 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 08:22 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 08:22 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 08:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 08:22 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 08:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 08:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 08:22 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 08:22 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 08:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 08:22 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 08:22 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 08:22 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 08:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 08:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 08:22 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 08:22 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 08:22 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 08:22 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 08:22 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 08:22 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 08:22 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 08:22 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-24 18:28 - 2014-04-02 18:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-24 18:27 - 2014-05-24 18:27 - 00275336 _____ () C:\Windows\Minidump\052414-20108-01.dmp
2014-05-24 18:12 - 2014-05-24 18:12 - 00000222 _____ () C:\Users\Marvin\Desktop\Neverwinter.url
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\Documents\Spiele
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Gas Powered Games
2014-05-24 17:38 - 2014-05-24 17:38 - 00000221 _____ () C:\Users\Marvin\Desktop\Supreme Commander 2.url
2014-05-22 14:17 - 2014-05-22 14:17 - 00262144 _____ () C:\Windows\Minidump\052214-15490-01.dmp
2014-05-20 13:28 - 2014-05-20 13:28 - 00000000 ____D () C:\Users\Marvin\Documents\Cities In Motion
2014-05-20 13:07 - 2014-05-20 13:07 - 00262144 _____ () C:\Windows\Minidump\052014-15849-01.dmp
2014-05-19 13:11 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Marvin\AppData\Local\Temp\speedupmypc.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 16:00

==================== End Of Log ============================

--- --- ---

Und der Additionteil

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Marvin at 2014-06-18 14:28:45
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Cities in Motion (HKLM-x32\...\Steam App 73010) (Version:  - Colossal Order Ltd.)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenTTD 1.4.1 (HKLM-x32\...\OpenTTD) (Version: 1.4.1 - OpenTTD)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RedEye (remove only) (HKLM-x32\...\RedEye) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Warzone 2100-3.1.1 (HKLM-x32\...\Warzone 2100-3.1.1) (Version: 3.1.1 - Warzone 2100 Project)

==================== Restore Points  =========================

10-06-2014 12:26:14 Windows Update
11-06-2014 22:07:08 Windows Update
17-06-2014 09:12:02 Windows Update
17-06-2014 18:39:00 Installed Rise Of Legends Demo
17-06-2014 18:44:30 Removed Rise Of Legends Demo
17-06-2014 19:47:54 Uniblue SpeedUpMyPC installation
17-06-2014 19:47:58 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5954C638-A135-44FA-998C-6A0F79F3AA14} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-17] (AVAST Software)
Task: {5B2D39AD-EB98-4A0E-ABDB-AEE0F5C2272A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18] (Adobe Systems Incorporated)
Task: {A4F18637-433A-4989-A07F-A34066FFB1A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {CF04552D-3505-4D6E-B021-967DB37A4178} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-24] (Microsoft Corporation)
Task: {F7A25FB9-79D1-43B8-A1C0-67CB6172727F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-02 18:04 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-02 18:04 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-26 23:54 - 2009-05-07 10:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-26 23:54 - 2009-05-07 10:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-26 23:54 - 2008-01-18 08:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-02-26 23:54 - 2009-11-03 05:12 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 17:00 - 2009-08-10 17:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-18 11:55 - 2014-06-18 11:55 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061800\algo.dll
2014-02-27 00:01 - 2009-03-19 23:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2014-02-27 00:01 - 2009-03-19 23:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2014-02-27 00:01 - 2009-01-15 15:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2014-02-27 00:01 - 2009-03-25 17:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2014-02-26 13:09 - 2014-02-26 13:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-18 01:38 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-11 15:30 - 2014-06-11 15:30 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 15:30 - 2014-06-11 15:30 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 15:30 - 2014-06-11 15:30 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 01:23:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/18/2014 00:44:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/18/2014 00:44:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/18/2014 00:04:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (06/18/2014 00:04:22 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {4698D3C7-EEB3-4EFD-8C6B-8A929B5F894D}

Error: (06/18/2014 00:04:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {4698D3C7-EEB3-4EFD-8C6B-8A929B5F894D}


System errors:
=============
Error: (06/18/2014 00:22:38 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff800031fc147)C:\Windows\MEMORY.DMP061814-36800-01

Error: (06/18/2014 00:22:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎18.‎06.‎2014 um 12:20:01 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (06/18/2014 01:23:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe

Error: (06/18/2014 00:44:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe

Error: (06/18/2014 00:44:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe

Error: (06/18/2014 00:04:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (06/18/2014 00:04:22 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {4698D3C7-EEB3-4EFD-8C6B-8A929B5F894D}

Error: (06/18/2014 00:04:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {4698D3C7-EEB3-4EFD-8C6B-8A929B5F894D}


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 6143.23 MB
Available physical RAM: 4217.64 MB
Total Pagefile: 12284.63 MB
Available Pagefile: 10213.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:394.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A3543337)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 19.06.2014, 13:10

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mavang · 20.06.2014, 09:21

Hallo,

sry das es ein bisschen gedauert hat. Hier der Combofixlog

Code:

ATTFilter

ComboFix 14-06-19.01 - Marvin 20.06.2014  10:12:12.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6143.4153 [GMT 2:00]
ausgeführt von:: c:\users\Marvin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-20 bis 2014-06-20  ))))))))))))))))))))))))))))))
.
.
2014-06-20 08:17 . 2014-06-20 08:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-20 08:09 . 2014-06-05 10:54	10779000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD01FBF1-21CF-4D97-B7ED-F314FF1D5BC8}\mpengine.dll
2014-06-19 17:29 . 2014-06-19 17:29	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2014-06-18 23:37 . 2014-06-18 23:37	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Microsoft Games
2014-06-18 12:27 . 2014-06-18 12:29	--------	d-----w-	C:\FRST
2014-06-18 10:44 . 2014-06-18 10:44	--------	d-----w-	c:\program files (x86)\ESET
2014-06-17 23:40 . 2014-06-17 23:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-17 23:40 . 2014-06-17 23:40	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-17 23:40 . 2014-06-17 23:40	--------	d-----w-	c:\program files (x86)\Java
2014-06-17 23:25 . 2014-06-17 23:25	--------	d-----w-	c:\windows\ERUNT
2014-06-17 22:51 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-06-17 22:50 . 2014-06-18 10:24	--------	d-----w-	C:\AdwCleaner
2014-06-17 22:41 . 2014-06-18 00:18	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-17 22:07 . 2014-06-17 22:07	--------	d-----w-	c:\program files\HitmanPro
2014-06-17 22:07 . 2014-06-17 22:14	--------	d-----w-	c:\programdata\HitmanPro
2014-06-17 22:00 . 2014-06-18 11:14	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-17 21:59 . 2014-06-18 00:18	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-17 21:59 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-17 21:59 . 2014-06-17 21:59	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 21:59 . 2014-06-17 21:59	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-17 21:59 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-17 20:17 . 2014-06-17 20:18	--------	d-----w-	c:\program files\OpenTTD
2014-06-17 19:53 . 2014-06-17 19:53	--------	d-sh--w-	c:\users\Marvin\AppData\Local\EmieUserList
2014-06-17 19:53 . 2014-06-17 19:53	--------	d-sh--w-	c:\users\Marvin\AppData\Local\EmieSiteList
2014-06-17 19:49 . 2014-06-17 19:49	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-06-17 19:49 . 2014-06-17 19:49	43152	----a-w-	c:\windows\avastSS.scr
2014-06-17 18:39 . 2014-06-18 23:30	--------	d-----w-	c:\program files (x86)\Microsoft Games
2014-06-17 18:20 . 2014-06-17 18:20	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2014-06-17 18:20 . 2014-06-17 18:20	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2014-06-17 18:20 . 2014-06-17 18:20	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2014-06-17 18:20 . 2014-06-17 18:20	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2014-06-17 18:20 . 2014-06-17 18:20	--------	d-----w-	c:\program files (x86)\OpenAL
2014-06-17 18:20 . 2014-06-17 18:20	--------	d-----w-	c:\program files (x86)\Warzone 2100-3.1.1
2014-06-11 13:30 . 2014-06-12 08:56	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-05-24 16:01 . 2014-05-24 16:01	--------	d-----w-	c:\users\Marvin\AppData\Local\Gas Powered Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-18 20:35 . 2014-04-02 16:06	588496	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-17 23:40 . 2014-02-28 13:21	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 23:40 . 2014-02-28 13:21	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-17 19:49 . 2014-02-26 11:09	85328	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-06-17 19:49 . 2014-02-26 11:09	423240	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-06-17 19:49 . 2014-02-26 11:09	1039096	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-06-17 19:49 . 2014-02-26 11:09	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-06-17 19:49 . 2014-02-26 11:09	208416	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-06-17 19:49 . 2014-02-26 11:09	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-06-17 19:49 . 2014-02-26 11:09	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-06-17 19:49 . 2014-02-26 11:09	334648	----a-w-	c:\windows\system32\aswBoot.exe
2014-06-11 22:08 . 2014-02-28 13:53	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-04-12 02:22 . 2014-05-14 16:21	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 16:21	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 16:21	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 16:21	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 16:21	28160	----a-w-	c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 16:21	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 16:21	31232	----a-w-	c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 16:21	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 16:21	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2014-02-26 11:17	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 16:21	14175744	----a-w-	c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-02 16:10	222920	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-02 16:10	222920	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-02 16:10	222920	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-17 1176632]
"Spotify"="c:\users\Marvin\AppData\Roaming\Spotify\spotify.exe" [2014-05-17 6170168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-17 3890208]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-28 23:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-02 16:10	261832	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-02 16:10	261832	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-02 16:10	261832	----a-w-	c:\users\Marvin\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-18 20:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-18 20:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-18 20:35	2335960	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-17 19:49	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-InetStat - c:\users\Marvin\AppData\Roaming\InetStat\inetstat.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-20  10:19:13
ComboFix-quarantined-files.txt  2014-06-20 08:19
.
Vor Suchlauf: 10 Verzeichnis(se), 424.646.397.952 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 424.222.281.728 Bytes frei
.
- - End Of File - - E2B54038A50C2EB2A8309FE1D04FE83A
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 21.06.2014, 09:05

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Mavang · 21.06.2014, 13:58

Hi,

hier die ganzen logs in der reihenfolge wie von dir beschrieben.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.06.2014
Suchlauf-Zeit: 14:22:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.21.04
Rootkit Datenbank: v2014.06.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 278866
Verstrichene Zeit: 7 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 21/06/2014 um 14:32:36
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marvin - MARVIN-PC
# Gestartet von : C:\Users\Marvin\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2033 octets] - [18/06/2014 00:50:42]
AdwCleaner[R1].txt - [1064 octets] - [18/06/2014 00:59:14]
AdwCleaner[R2].txt - [1185 octets] - [18/06/2014 01:17:37]
AdwCleaner[R3].txt - [1245 octets] - [18/06/2014 01:33:01]
AdwCleaner[R4].txt - [1351 octets] - [18/06/2014 01:48:07]
AdwCleaner[R5].txt - [1411 octets] - [18/06/2014 12:04:31]
AdwCleaner[R6].txt - [1371 octets] - [18/06/2014 12:14:34]
AdwCleaner[R7].txt - [1376 octets] - [18/06/2014 12:24:30]
AdwCleaner[R8].txt - [1535 octets] - [21/06/2014 14:31:39]
AdwCleaner[S0].txt - [2048 octets] - [18/06/2014 00:52:38]
AdwCleaner[S1].txt - [1126 octets] - [18/06/2014 01:00:02]
AdwCleaner[S2].txt - [1307 octets] - [18/06/2014 01:33:39]
AdwCleaner[S3].txt - [1432 octets] - [18/06/2014 12:17:52]
AdwCleaner[S4].txt - [1456 octets] - [21/06/2014 14:32:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1516 octets] ##########

Code:

ATTFilter

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marvin on 21.06.2014 at 14:42:35,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\ej4fgn7y.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2014 at 14:49:29,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Marvin (administrator) on MARVIN-PC on 21-06-2014 14:51:33
Running from C:\Users\Marvin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-17] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1510567587-1030786161-79826142-1001\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-17] (Spotify Ltd)
HKU\S-1-5-21-1510567587-1030786161-79826142-1001\...\Run: [Spotify] => C:\Users\Marvin\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-17] (Spotify Ltd)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x404BD892E232CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\ej4fgn7y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-17] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-18] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-17] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-17] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-21 14:51 - 2014-06-21 14:51 - 00000000 ____D () C:\Users\Marvin\Downloads\FRST-OlderVersion
2014-06-21 14:49 - 2014-06-21 14:51 - 00000758 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-06-21 14:40 - 2014-06-21 14:40 - 01016261 _____ (Thisisu) C:\Users\Marvin\Desktop\JRT(1).exe
2014-06-21 14:39 - 2014-06-21 14:39 - 00001596 _____ () C:\Users\Marvin\Desktop\AdwCleaner[S4].txt
2014-06-21 14:30 - 2014-06-21 14:30 - 00001159 _____ () C:\Users\Marvin\Desktop\mbam.txt
2014-06-20 22:41 - 2014-06-20 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IndustrieGigant 2
2014-06-20 22:39 - 2014-06-20 22:40 - 00000000 ____D () C:\Program Files (x86)\IndustrieGigant 2
2014-06-20 22:32 - 2014-06-20 22:38 - 00000000 ____D () C:\Users\Marvin\Downloads\Industry Gigant II - Gold Edition 2012
2014-06-20 22:32 - 2014-06-20 22:32 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Nexway
2014-06-20 22:31 - 2014-06-20 22:32 - 02113208 _____ (Nexway) C:\Users\Marvin\Downloads\downloadManager_21866910.exe
2014-06-20 19:58 - 2014-06-20 19:58 - 00000222 _____ () C:\Users\Marvin\Desktop\Total War ROME II.url
2014-06-20 17:32 - 2014-06-20 19:57 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype
2014-06-20 17:32 - 2014-06-20 17:32 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Skype
2014-06-20 17:31 - 2014-06-20 17:32 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 17:31 - 2014-06-20 17:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-20 17:31 - 2014-06-20 17:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-20 17:31 - 2014-06-20 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-20 17:30 - 2014-06-20 17:30 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe
2014-06-20 11:25 - 2014-06-20 11:25 - 00288418 _____ () C:\Windows\msxml4-KB973688-deu.LOG
2014-06-20 10:19 - 2014-06-20 10:19 - 00015881 _____ () C:\ComboFix.txt
2014-06-20 10:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 10:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 10:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 10:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 10:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 10:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 10:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 10:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 10:10 - 2014-06-20 10:19 - 00000000 ____D () C:\Qoobox
2014-06-20 10:10 - 2014-06-20 10:18 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 10:08 - 2014-06-20 10:08 - 05207168 ____R (Swearware) C:\Users\Marvin\Desktop\ComboFix.exe
2014-06-19 19:29 - 2014-06-19 19:30 - 00294046 _____ () C:\Windows\msxml4-KB954430-deu.LOG
2014-06-19 19:29 - 2014-06-19 19:29 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-19 01:37 - 2014-06-19 01:37 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft Games
2014-06-19 01:33 - 2014-06-19 01:33 - 00002128 _____ () C:\Users\Public\Desktop\Rise Of Nations.lnk
2014-06-18 14:28 - 2014-06-21 14:51 - 00011938 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-06-18 14:28 - 2014-06-18 14:29 - 00022142 _____ () C:\Users\Marvin\Downloads\Addition.txt
2014-06-18 14:27 - 2014-06-21 14:51 - 02083328 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-06-18 14:27 - 2014-06-21 14:51 - 00000000 ____D () C:\FRST
2014-06-18 12:44 - 2014-06-18 12:44 - 02347384 _____ (ESET) C:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe
2014-06-18 12:44 - 2014-06-18 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 12:22 - 2014-06-18 12:22 - 00275336 _____ () C:\Windows\Minidump\061814-36800-01.dmp
2014-06-18 01:40 - 2014-06-18 01:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 01:38 - 2014-06-18 01:38 - 00284288 _____ (Mozilla) C:\Users\Marvin\Downloads\Firefox Setup Stub 30.0.exe
2014-06-18 01:38 - 2014-06-18 01:38 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-06-18 01:25 - 2014-06-18 01:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 01:24 - 2014-06-18 01:25 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-06-18 00:57 - 2014-06-18 00:58 - 00275336 _____ () C:\Windows\Minidump\061814-16770-01.dmp
2014-06-18 00:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-18 00:50 - 2014-06-21 14:32 - 00000000 ____D () C:\AdwCleaner
2014-06-18 00:50 - 2014-06-18 00:50 - 01333465 _____ () C:\Users\Marvin\Desktop\adwcleaner_3.212.exe
2014-06-18 00:41 - 2014-06-18 02:18 - 00000000 ____D () C:\Users\Marvin\Desktop\mbar
2014-06-18 00:41 - 2014-06-18 02:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 00:40 - 2014-06-18 00:41 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Marvin\Downloads\mbar-1.07.0.1012.exe
2014-06-18 00:07 - 2014-06-18 00:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 00:06 - 2014-06-18 00:06 - 10971424 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\hitmanpro_x64.exe
2014-06-18 00:00 - 2014-06-21 14:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 23:59 - 2014-06-18 02:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-17 23:59 - 2014-06-17 23:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 23:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 23:58 - 2014-06-17 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marvin\Downloads\mbamsetup_20730.exe
2014-06-17 23:44 - 2014-06-17 23:45 - 01258032 _____ () C:\Users\Marvin\Downloads\avg_remover_bootkit.exe
2014-06-17 23:43 - 2014-06-17 23:43 - 11423432 _____ (Bitdefender LLC) C:\Users\Marvin\Downloads\BootkitRemoval_x64.exe
2014-06-17 23:40 - 2014-06-17 23:40 - 15258612 _____ () C:\Users\Marvin\Downloads\Rootkit_Remover_3022.zip
2014-06-17 23:39 - 2014-06-17 23:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Bitdefender Rootkit Remover - CHIP-Installer.exe
2014-06-17 23:16 - 2014-06-17 23:16 - 00262144 _____ () C:\Windows\Minidump\061714-21918-01.dmp
2014-06-17 22:18 - 2014-06-20 22:18 - 00000000 ____D () C:\Users\Marvin\Documents\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:17 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 64 Bit - CHIP-Installer.exe
2014-06-17 22:17 - 2014-06-17 22:17 - 00000796 _____ () C:\Users\Public\Desktop\OpenTTD.lnk
2014-06-17 22:17 - 2014-06-17 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-06-17 22:16 - 2014-06-17 22:16 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 32 Bit - CHIP-Installer.exe
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieUserList
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieSiteList
2014-06-17 21:49 - 2014-06-17 21:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 21:49 - 2014-06-17 21:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 20:40 - 2014-06-20 22:43 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 20:40 - 2014-06-19 01:37 - 00000000 ____D () C:\Users\Marvin\Documents\My Games
2014-06-17 20:40 - 2014-06-19 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:40 - 2014-06-17 20:45 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:39 - 2014-06-19 01:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-06-17 20:28 - 2014-06-17 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Demo Rise of Nations Rise of Legends - CHIP-Installer.exe
2014-06-17 20:21 - 2014-06-17 20:21 - 00000000 ____D () C:\Users\Marvin\Documents\Warzone 2100 3.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00001094 _____ () C:\Users\Public\Desktop\Warzone 2100-3.1.1.lnk
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-17 20:19 - 2014-06-17 20:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Warzone 2100 - CHIP-Installer.exe
2014-06-16 13:53 - 2014-06-16 13:54 - 26201511 _____ () C:\Users\Marvin\Desktop\UST Skript.zip
2014-06-15 22:02 - 2014-06-15 22:02 - 00605935 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b (1).pptx
2014-06-15 22:02 - 2014-06-15 22:02 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10 (1).pptx
2014-06-15 21:47 - 2014-06-15 22:01 - 00594521 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00563347 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version11.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10.pptx
2014-06-15 21:45 - 2014-06-15 21:45 - 00615646 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12 (1).pptx
2014-06-15 21:24 - 2014-06-15 21:36 - 00604382 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12.pptx
2014-06-14 14:02 - 2014-06-14 14:02 - 00099840 _____ () C:\Users\Marvin\Downloads\SWOT_Analyse_06_2013.xls
2014-06-14 13:57 - 2014-06-14 14:27 - 00362427 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 4.pptx
2014-06-12 12:51 - 2014-06-12 12:51 - 00275336 _____ () C:\Windows\Minidump\061214-16364-01.dmp
2014-06-12 12:00 - 2014-06-20 11:24 - 00300809 _____ () C:\Users\Marvin\Desktop\Zinsstrukturkurven und Credit Spread 1.1.pptx
2014-06-12 11:54 - 2014-06-12 11:54 - 00275336 _____ () C:\Windows\Minidump\061214-16832-01.dmp
2014-06-12 11:50 - 2014-06-12 11:50 - 00000000 ____D () C:\Users\Marvin\AppData\OICE_15_974FA576_32C1D314_2FA6
2014-06-12 09:21 - 2014-06-12 09:21 - 00000165 ____H () C:\Users\Marvin\Desktop\~$Zinsstrukturkurven und Credit Spread.pptx
2014-06-11 15:30 - 2014-06-12 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:07 - 2014-06-11 14:07 - 01760822 _____ () C:\Users\Marvin\Downloads\4.5 Aktuelle Entwicklung auf den Finanzmärkten-1.pptx
2014-06-11 13:36 - 2014-06-11 13:36 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (2).pptx
2014-06-11 13:31 - 2014-06-11 13:31 - 03575808 _____ () C:\Users\Marvin\Downloads\3.2 Finanzplanung 30.05.2014.ppt
2014-06-11 13:31 - 2014-06-11 13:31 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (1).pptx
2014-06-11 13:27 - 2014-06-11 13:27 - 01180160 _____ () C:\Users\Marvin\Downloads\3.3 Portfoliotheorie_30.5.2014.ppt
2014-06-11 13:27 - 2014-06-11 13:27 - 00516096 _____ () C:\Users\Marvin\Downloads\4.1 Bankenstruktur Präsentation.ppt
2014-06-11 13:26 - 2014-06-11 13:26 - 00204135 _____ () C:\Users\Marvin\Downloads\1.3  Fremdfinanzierung mit Effekten - Michael Bohrmann.pptx
2014-06-11 13:25 - 2014-06-11 13:25 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf.pptx
2014-06-11 13:24 - 2014-06-11 13:24 - 00275023 _____ () C:\Users\Marvin\Downloads\1.3 Kreditfinanzierung - Al-sharqi.pptx
2014-06-11 12:02 - 2014-06-11 12:02 - 01236480 _____ () C:\Users\Marvin\Downloads\Geld_5.ppt
2014-06-11 12:02 - 2014-06-11 12:02 - 00975360 _____ () C:\Users\Marvin\Downloads\Geld_6.ppt
2014-06-11 11:59 - 2014-06-11 11:59 - 01243136 _____ () C:\Users\Marvin\Downloads\Geld_7.ppt
2014-06-11 08:22 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:22 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:22 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 08:22 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:22 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:22 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:22 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 08:22 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:22 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:22 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 08:22 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:22 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 08:22 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 08:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:22 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 08:22 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:22 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:22 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:22 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 08:22 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:22 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:22 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 08:22 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:22 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 08:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:22 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:22 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:22 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:22 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 08:22 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:22 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 08:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 08:22 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 08:22 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:22 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 08:22 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:22 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:22 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 08:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:22 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:22 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:22 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 08:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 08:22 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:22 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 08:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 08:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 08:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 08:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 08:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 08:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 08:22 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-06 13:26 - 2014-06-06 13:26 - 00262144 _____ () C:\Windows\Minidump\060614-42104-01.dmp
2014-05-24 18:27 - 2014-05-24 18:27 - 00275336 _____ () C:\Windows\Minidump\052414-20108-01.dmp
2014-05-24 18:12 - 2014-05-24 18:12 - 00000222 _____ () C:\Users\Marvin\Desktop\Neverwinter.url
2014-05-24 18:01 - 2014-06-20 20:29 - 00112770 _____ () C:\Windows\DirectX.log
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\Documents\Spiele
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Gas Powered Games
2014-05-24 17:38 - 2014-05-24 17:38 - 00000221 _____ () C:\Users\Marvin\Desktop\Supreme Commander 2.url
2014-05-22 14:17 - 2014-05-22 14:17 - 00262144 _____ () C:\Windows\Minidump\052214-15490-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-21 14:51 - 2014-06-21 14:51 - 00000000 ____D () C:\Users\Marvin\Downloads\FRST-OlderVersion
2014-06-21 14:51 - 2014-06-21 14:49 - 00000758 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-06-21 14:51 - 2014-06-18 14:28 - 00011938 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-06-21 14:51 - 2014-06-18 14:27 - 02083328 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-06-21 14:51 - 2014-06-18 14:27 - 00000000 ____D () C:\FRST
2014-06-21 14:51 - 2014-04-02 17:43 - 00161638 _____ () C:\Windows\setupact.log
2014-06-21 14:41 - 2014-02-26 17:18 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify
2014-06-21 14:41 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 14:41 - 2009-07-14 06:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 14:40 - 2014-06-21 14:40 - 01016261 _____ (Thisisu) C:\Users\Marvin\Desktop\JRT(1).exe
2014-06-21 14:40 - 2014-02-26 13:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-21 14:39 - 2014-06-21 14:39 - 00001596 _____ () C:\Users\Marvin\Desktop\AdwCleaner[S4].txt
2014-06-21 14:37 - 2014-02-26 13:01 - 02001262 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 14:33 - 2014-04-03 11:20 - 00021676 _____ () C:\Windows\PFRO.log
2014-06-21 14:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 14:32 - 2014-06-18 00:50 - 00000000 ____D () C:\AdwCleaner
2014-06-21 14:30 - 2014-06-21 14:30 - 00001159 _____ () C:\Users\Marvin\Desktop\mbam.txt
2014-06-21 14:21 - 2014-06-18 00:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 00:02 - 2014-03-18 13:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-20 22:43 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-20 22:41 - 2014-06-20 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IndustrieGigant 2
2014-06-20 22:40 - 2014-06-20 22:39 - 00000000 ____D () C:\Program Files (x86)\IndustrieGigant 2
2014-06-20 22:38 - 2014-06-20 22:32 - 00000000 ____D () C:\Users\Marvin\Downloads\Industry Gigant II - Gold Edition 2012
2014-06-20 22:32 - 2014-06-20 22:32 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Nexway
2014-06-20 22:32 - 2014-06-20 22:31 - 02113208 _____ (Nexway) C:\Users\Marvin\Downloads\downloadManager_21866910.exe
2014-06-20 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Users\Marvin\Documents\OpenTTD
2014-06-20 22:17 - 2014-03-01 23:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-20 22:16 - 2014-02-27 13:56 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-06-20 21:45 - 2014-02-26 13:48 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PMB Files
2014-06-20 20:29 - 2014-05-24 18:01 - 00112770 _____ () C:\Windows\DirectX.log
2014-06-20 19:58 - 2014-06-20 19:58 - 00000222 _____ () C:\Users\Marvin\Desktop\Total War ROME II.url
2014-06-20 19:57 - 2014-06-20 17:32 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype
2014-06-20 17:32 - 2014-06-20 17:32 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Skype
2014-06-20 17:32 - 2014-06-20 17:31 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 17:31 - 2014-06-20 17:31 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-20 17:31 - 2014-06-20 17:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-20 17:31 - 2014-06-20 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-20 17:30 - 2014-06-20 17:30 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe
2014-06-20 11:25 - 2014-06-20 11:25 - 00288418 _____ () C:\Windows\msxml4-KB973688-deu.LOG
2014-06-20 11:24 - 2014-06-12 12:00 - 00300809 _____ () C:\Users\Marvin\Desktop\Zinsstrukturkurven und Credit Spread 1.1.pptx
2014-06-20 10:45 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-06-20 10:45 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-06-20 10:45 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 10:19 - 2014-06-20 10:19 - 00015881 _____ () C:\ComboFix.txt
2014-06-20 10:19 - 2014-06-20 10:10 - 00000000 ____D () C:\Qoobox
2014-06-20 10:19 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-20 10:18 - 2014-06-20 10:10 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 10:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 10:08 - 2014-06-20 10:08 - 05207168 ____R (Swearware) C:\Users\Marvin\Desktop\ComboFix.exe
2014-06-19 19:30 - 2014-06-19 19:29 - 00294046 _____ () C:\Windows\msxml4-KB954430-deu.LOG
2014-06-19 19:29 - 2014-06-19 19:29 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-19 18:17 - 2014-02-26 13:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-19 01:37 - 2014-06-19 01:37 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft Games
2014-06-19 01:37 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\Documents\My Games
2014-06-19 01:33 - 2014-06-19 01:33 - 00002128 _____ () C:\Users\Public\Desktop\Rise Of Nations.lnk
2014-06-19 01:33 - 2014-06-17 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-19 01:30 - 2014-06-17 20:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-06-19 00:24 - 2014-02-26 17:18 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify
2014-06-18 22:36 - 2014-04-02 18:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-18 14:29 - 2014-06-18 14:28 - 00022142 _____ () C:\Users\Marvin\Downloads\Addition.txt
2014-06-18 12:44 - 2014-06-18 12:44 - 02347384 _____ (ESET) C:\Users\Marvin\Downloads\esetsmartinstaller_deu.exe
2014-06-18 12:44 - 2014-06-18 12:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-18 12:22 - 2014-06-18 12:22 - 00275336 _____ () C:\Windows\Minidump\061814-36800-01.dmp
2014-06-18 12:22 - 2014-04-05 11:58 - 383190026 _____ () C:\Windows\MEMORY.DMP
2014-06-18 12:22 - 2014-03-03 14:06 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 11:54 - 2014-02-26 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 02:18 - 2014-06-18 00:41 - 00000000 ____D () C:\Users\Marvin\Desktop\mbar
2014-06-18 02:18 - 2014-06-18 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 02:18 - 2014-06-17 23:59 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 01:40 - 2014-06-18 01:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 01:40 - 2014-06-18 01:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 01:40 - 2014-06-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 01:40 - 2014-03-18 13:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-18 01:40 - 2014-02-28 15:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-18 01:40 - 2014-02-28 15:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-18 01:38 - 2014-06-18 01:38 - 00284288 _____ (Mozilla) C:\Users\Marvin\Downloads\Firefox Setup Stub 30.0.exe
2014-06-18 01:38 - 2014-06-18 01:38 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 01:38 - 2014-06-18 01:38 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Mozilla
2014-06-18 01:38 - 2014-05-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 01:35 - 2014-02-26 13:09 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-18 01:25 - 2014-06-18 01:25 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 01:25 - 2014-06-18 01:24 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-06-18 01:09 - 2014-04-27 21:58 - 00000000 ____D () C:\Program Files (x86)\Red Eye Remover Pro
2014-06-18 00:58 - 2014-06-18 00:57 - 00275336 _____ () C:\Windows\Minidump\061814-16770-01.dmp
2014-06-18 00:50 - 2014-06-18 00:50 - 01333465 _____ () C:\Users\Marvin\Desktop\adwcleaner_3.212.exe
2014-06-18 00:41 - 2014-06-18 00:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Marvin\Downloads\mbar-1.07.0.1012.exe
2014-06-18 00:15 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-18 00:14 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-18 00:07 - 2014-06-18 00:07 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 00:06 - 2014-06-18 00:06 - 10971424 _____ (SurfRight B.V.) C:\Users\Marvin\Downloads\hitmanpro_x64.exe
2014-06-17 23:59 - 2014-06-17 23:59 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 23:59 - 2014-06-17 23:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 23:58 - 2014-06-17 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marvin\Downloads\mbamsetup_20730.exe
2014-06-17 23:45 - 2014-06-17 23:44 - 01258032 _____ () C:\Users\Marvin\Downloads\avg_remover_bootkit.exe
2014-06-17 23:43 - 2014-06-17 23:43 - 11423432 _____ (Bitdefender LLC) C:\Users\Marvin\Downloads\BootkitRemoval_x64.exe
2014-06-17 23:40 - 2014-06-17 23:40 - 15258612 _____ () C:\Users\Marvin\Downloads\Rootkit_Remover_3022.zip
2014-06-17 23:39 - 2014-06-17 23:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Bitdefender Rootkit Remover - CHIP-Installer.exe
2014-06-17 23:16 - 2014-06-17 23:16 - 00262144 _____ () C:\Windows\Minidump\061714-21918-01.dmp
2014-06-17 22:18 - 2014-06-17 22:17 - 00000000 ____D () C:\Program Files\OpenTTD
2014-06-17 22:17 - 2014-06-17 22:17 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 64 Bit - CHIP-Installer.exe
2014-06-17 22:17 - 2014-06-17 22:17 - 00000796 _____ () C:\Users\Public\Desktop\OpenTTD.lnk
2014-06-17 22:17 - 2014-06-17 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2014-06-17 22:16 - 2014-06-17 22:16 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\OpenTTD 32 Bit - CHIP-Installer.exe
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieUserList
2014-06-17 21:53 - 2014-06-17 21:53 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieSiteList
2014-06-17 21:51 - 2014-02-26 13:08 - 00116216 _____ () C:\Users\Marvin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 21:50 - 2009-07-14 06:45 - 00459448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:49 - 2014-06-17 21:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 21:49 - 2014-06-17 21:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 21:49 - 2014-02-26 13:10 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-17 21:49 - 2014-02-26 13:09 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-17 21:49 - 2014-02-26 13:09 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-17 21:49 - 2014-02-26 13:09 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-17 20:45 - 2014-06-17 20:40 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-06-17 20:45 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 20:40 - 2014-02-26 23:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-17 20:28 - 2014-06-17 20:28 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Demo Rise of Nations Rise of Legends - CHIP-Installer.exe
2014-06-17 20:21 - 2014-06-17 20:21 - 00000000 ____D () C:\Users\Marvin\Documents\Warzone 2100 3.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-17 20:20 - 2014-06-17 20:20 - 00001094 _____ () C:\Users\Public\Desktop\Warzone 2100-3.1.1.lnk
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\Warzone 2100-3.1.1
2014-06-17 20:20 - 2014-06-17 20:20 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-17 20:19 - 2014-06-17 20:19 - 00961360 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Warzone 2100 - CHIP-Installer.exe
2014-06-16 13:54 - 2014-06-16 13:53 - 26201511 _____ () C:\Users\Marvin\Desktop\UST Skript.zip
2014-06-15 22:02 - 2014-06-15 22:02 - 00605935 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b (1).pptx
2014-06-15 22:02 - 2014-06-15 22:02 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10 (1).pptx
2014-06-15 22:01 - 2014-06-15 21:47 - 00594521 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 9b.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00563347 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version11.pptx
2014-06-15 21:46 - 2014-06-15 21:46 - 00483022 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version10.pptx
2014-06-15 21:45 - 2014-06-15 21:45 - 00615646 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12 (1).pptx
2014-06-15 21:36 - 2014-06-15 21:24 - 00604382 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version12.pptx
2014-06-14 14:27 - 2014-06-14 13:57 - 00362427 _____ () C:\Users\Marvin\Downloads\Planspiel Hauptversammlung Version 4.pptx
2014-06-14 14:02 - 2014-06-14 14:02 - 00099840 _____ () C:\Users\Marvin\Downloads\SWOT_Analyse_06_2013.xls
2014-06-13 11:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 10:42 - 2014-04-29 14:10 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbung
2014-06-12 12:51 - 2014-06-12 12:51 - 00275336 _____ () C:\Windows\Minidump\061214-16364-01.dmp
2014-06-12 11:54 - 2014-06-12 11:54 - 00275336 _____ () C:\Windows\Minidump\061214-16832-01.dmp
2014-06-12 11:50 - 2014-06-12 11:50 - 00000000 ____D () C:\Users\Marvin\AppData\OICE_15_974FA576_32C1D314_2FA6
2014-06-12 10:56 - 2014-06-11 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 09:21 - 2014-06-12 09:21 - 00000165 ____H () C:\Users\Marvin\Desktop\~$Zinsstrukturkurven und Credit Spread.pptx
2014-06-12 00:09 - 2014-02-28 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:08 - 2014-02-28 15:53 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:07 - 2014-06-11 14:07 - 01760822 _____ () C:\Users\Marvin\Downloads\4.5 Aktuelle Entwicklung auf den Finanzmärkten-1.pptx
2014-06-11 13:36 - 2014-06-11 13:36 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (2).pptx
2014-06-11 13:31 - 2014-06-11 13:31 - 03575808 _____ () C:\Users\Marvin\Downloads\3.2 Finanzplanung 30.05.2014.ppt
2014-06-11 13:31 - 2014-06-11 13:31 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf (1).pptx
2014-06-11 13:27 - 2014-06-11 13:27 - 01180160 _____ () C:\Users\Marvin\Downloads\3.3 Portfoliotheorie_30.5.2014.ppt
2014-06-11 13:27 - 2014-06-11 13:27 - 00516096 _____ () C:\Users\Marvin\Downloads\4.1 Bankenstruktur Präsentation.ppt
2014-06-11 13:26 - 2014-06-11 13:26 - 00204135 _____ () C:\Users\Marvin\Downloads\1.3  Fremdfinanzierung mit Effekten - Michael Bohrmann.pptx
2014-06-11 13:25 - 2014-06-11 13:25 - 00327025 _____ () C:\Users\Marvin\Downloads\1.5 Sonderformen der Finanzierung (Factoring, Forfaitierung) Rachid Chaatouf.pptx
2014-06-11 13:24 - 2014-06-11 13:24 - 00275023 _____ () C:\Users\Marvin\Downloads\1.3 Kreditfinanzierung - Al-sharqi.pptx
2014-06-11 12:02 - 2014-06-11 12:02 - 01236480 _____ () C:\Users\Marvin\Downloads\Geld_5.ppt
2014-06-11 12:02 - 2014-06-11 12:02 - 00975360 _____ () C:\Users\Marvin\Downloads\Geld_6.ppt
2014-06-11 11:59 - 2014-06-11 11:59 - 01243136 _____ () C:\Users\Marvin\Downloads\Geld_7.ppt
2014-06-06 13:26 - 2014-06-06 13:26 - 00262144 _____ () C:\Windows\Minidump\060614-42104-01.dmp
2014-06-03 10:49 - 2014-05-13 17:43 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbungsunterlagen
2014-05-30 12:21 - 2014-06-11 08:22 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 08:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 08:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 08:22 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 08:22 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 08:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 08:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 08:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 08:22 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 08:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 08:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 08:22 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 08:22 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 08:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 08:22 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 08:22 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 08:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 08:22 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 08:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 08:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 08:22 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 08:22 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 08:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 08:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 08:22 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 08:22 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 08:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 08:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 08:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 08:22 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 08:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 08:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 08:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 08:22 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 08:22 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 08:22 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 08:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 08:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 08:22 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 08:22 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 08:22 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 08:22 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 08:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 08:22 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 08:22 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 08:22 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 08:22 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 08:22 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 08:22 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 08:22 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 08:22 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-24 18:27 - 2014-05-24 18:27 - 00275336 _____ () C:\Windows\Minidump\052414-20108-01.dmp
2014-05-24 18:12 - 2014-05-24 18:12 - 00000222 _____ () C:\Users\Marvin\Desktop\Neverwinter.url
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\Documents\Spiele
2014-05-24 18:01 - 2014-05-24 18:01 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Gas Powered Games
2014-05-24 17:38 - 2014-05-24 17:38 - 00000221 _____ () C:\Users\Marvin\Desktop\Supreme Commander 2.url
2014-05-22 14:17 - 2014-05-22 14:17 - 00262144 _____ () C:\Windows\Minidump\052214-15490-01.dmp

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 11:01

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Marvin at 2014-06-21 14:52:11
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Cities in Motion (HKLM-x32\...\Steam App 73010) (Version:  - Colossal Order Ltd.)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
IndustrieGigant 2 (HKLM-x32\...\{8D914DD2-F3CE-44E4-9498-E7EED093281C}_is1) (Version:  - UIG GmbH)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenTTD 1.4.1 (HKLM-x32\...\OpenTTD) (Version: 1.4.1 - OpenTTD)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RedEye (remove only) (HKLM-x32\...\RedEye) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Warzone 2100-3.1.1 (HKLM-x32\...\Warzone 2100-3.1.1) (Version: 3.1.1 - Warzone 2100 Project)

==================== Restore Points  =========================

17-06-2014 19:47:54 Uniblue SpeedUpMyPC installation
17-06-2014 19:47:58 avast! antivirus system restore point
19-06-2014 17:29:25 Windows Update
20-06-2014 09:25:04 Windows Update
20-06-2014 18:28:27 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5954C638-A135-44FA-998C-6A0F79F3AA14} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-17] (AVAST Software)
Task: {5B2D39AD-EB98-4A0E-ABDB-AEE0F5C2272A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18] (Adobe Systems Incorporated)
Task: {7BCBEAC7-02A6-4E37-AC17-3AC06B94C994} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {CF04552D-3505-4D6E-B021-967DB37A4178} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-18] (Microsoft Corporation)
Task: {F7A25FB9-79D1-43B8-A1C0-67CB6172727F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-02 18:04 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-26 23:54 - 2009-05-07 10:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-26 23:54 - 2009-05-07 10:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-26 23:54 - 2008-01-18 08:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-02-26 23:54 - 2009-11-03 05:12 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 17:00 - 2009-08-10 17:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-21 14:18 - 2014-06-21 14:18 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062100\algo.dll
2014-02-27 00:01 - 2009-03-19 23:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2014-02-27 00:01 - 2009-03-19 23:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2014-02-27 00:01 - 2009-01-15 15:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2014-02-26 13:09 - 2014-02-26 13:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/21/2014 02:51:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 6143.23 MB
Available physical RAM: 4703.3 MB
Total Pagefile: 12284.63 MB
Available Pagefile: 10660.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:368.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RON) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A3543337)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 22.06.2014, 06:51

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hitmanpro findet Proxyserver auf diesem Computer (Benutzer)

Plagegeister aller Art und deren Bekämpfung: Hitmanpro findet Proxyserver auf diesem Computer (Benutzer)