Malwarebytes-Systemscan: Wie mit Ergebnis (19 Bedrohungen) umgehen?

Tbsc · 09.07.2014, 00:56

Hallo,

ich habe mit Malwarebytes einen Suchlauf gestartet und dabei 19 potenzielle Bedrohungen gefunden. Nun weiß ich nicht, ob diese alle sicher entfernt werden können und wenn ja, wie?

Desweiteren würde ich gerne wissen, wie man solcher Malware vorbeugen kann (habe als Anti-Viren-Programm avast).

Vielen Dank im Vorraus.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.07.2014
Suchlauf-Zeit: 01:23:55
Logdatei: log17.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.08.12
Rootkit Datenbank: v2014.07.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Theo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306924
Verstrichene Zeit: 10 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 11
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [e23afba20b70ee48f51ed5b39b67e818], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [e23afba20b70ee48f51ed5b39b67e818], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [4fcddcc196e5a294846896f2b250de22], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [4fcddcc196e5a294846896f2b250de22], 
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c7552e6f5625aa8cbce32d2147bb38c8], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [64b8c3dadf9c51e52cf011ae7f8346ba], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [1ffdb6e7245758de36e815dd8c77f60a], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, , [f9230c913744c86edf41d22140c3c43c], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [c05cc9d463189d99a18025ce32d13ac6], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [22faecb13b4078bec0fe45b235ce08f8], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [25f7c7d66e0d9d99234f3db863a05aa6], 

Registrierungswerte: 2
PUP.BProtector, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=008EB6DBC99E0A47&affID=122471&tsp=4982, , [fb21dcc1cab14de91609757d778c41bf]
PUP.BProtector, HKU\S-1-5-21-1785932237-3895006296-647964263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [da422d70e09b83b30f11e50daf54df21]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.OpenCandy, C:\Users\Theo\AppData\Roaming\OpenCandy, , [61bb97060378e65080be8d0e778bf40c], 
PUP.Optional.OpenCandy, C:\Users\Theo\AppData\Roaming\OpenCandy\6AFAD66890BB40959EF6561CDB5FCC00, , [61bb97060378e65080be8d0e778bf40c], 
PUP.Optional.FileScout.A, C:\Users\Theo\AppData\Roaming\File Scout, , [8894366791eabc7ae3739efd7a88a957], 

Dateien: 3
PUP.Optional.BitGuard.A, C:\Windows\System32\Tasks\BitGuard, , [df3d5548e893290d3fd58a2f4bb7d12f], 
PUP.Optional.OpenCandy, C:\Users\Theo\AppData\Roaming\OpenCandy\6AFAD66890BB40959EF6561CDB5FCC00\speedupmypcDE.exe, , [61bb97060378e65080be8d0e778bf40c], 
PUP.Optional.FileScout.A, C:\Users\Theo\AppData\Roaming\File Scout\uninst.exe, , [8894366791eabc7ae3739efd7a88a957], 

Physische Sektoren: 0
(No malicious items detected)


(end)

schrauber · 09.07.2014, 07:07

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Tbsc · 09.07.2014, 13:39

Hey, hier die beiden Dateien.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Theo (administrator) on THEO-PC on 09-07-2014 14:32:14
Running from C:\Users\Theo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=008EB6DBC99E0A47&affID=122471&tsp=4982
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.brothersoft.com?f=afc
SearchScopes: HKLM-x32 - DefaultScope {A84EC40C-8D72-4753-92EF-BA4BA6DC7809} URL = 
SearchScopes: HKCU - DefaultScope {A84EC40C-8D72-4753-92EF-BA4BA6DC7809} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281348&CUI=UN27970064152486027&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {A84EC40C-8D72-4753-92EF-BA4BA6DC7809} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281348&CUI=UN27970064152486027&UM=2
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default
FF Homepage: https://posteo.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-02]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-21] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-21] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 14:32 - 2014-07-09 14:32 - 00010764 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-09 14:31 - 2014-07-09 14:32 - 00000000 ____D () C:\FRST
2014-07-09 14:31 - 2014-07-09 14:31 - 02084352 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-09 01:22 - 2014-07-09 01:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 01:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 01:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 18:55 - 2014-07-08 18:55 - 00064024 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 15:53 - 2014-07-09 14:26 - 00000112 _____ () C:\Windows\setupact.log
2014-07-08 15:53 - 2014-07-08 15:53 - 00294184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 13:58 - 2014-07-08 14:51 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 13:57 - 2014-07-08 14:00 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-06 00:18 - 2014-07-06 14:05 - 00000000 ____D () C:\Users\Theo\Desktop\ANNO 1404 (Download)
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:48 - 2014-06-23 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 18:58 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-16 18:58 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-16 18:52 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-16 18:52 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-16 18:52 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-16 18:52 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-16 18:52 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-16 18:52 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-16 18:52 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-16 18:52 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-16 18:52 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-16 18:52 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-16 18:52 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-16 18:52 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-16 18:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-16 18:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-16 18:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-16 18:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-16 18:52 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-16 18:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-16 18:52 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-16 18:52 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-16 18:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-16 18:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-16 18:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-16 18:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-16 18:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-16 18:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-16 18:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-16 18:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-16 18:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-16 18:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-16 18:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-16 18:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-16 18:52 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-16 18:52 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-06-16 18:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-16 18:52 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-06-16 18:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-06-16 18:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-16 18:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-16 18:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-16 18:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-16 18:49 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-16 18:49 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-15 16:26 - 2014-06-17 00:15 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt

==================== One Month Modified Files and Folders =======

2014-07-09 14:32 - 2014-07-09 14:32 - 00010764 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-09 14:32 - 2014-07-09 14:31 - 00000000 ____D () C:\FRST
2014-07-09 14:32 - 2012-04-10 07:42 - 01602251 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 14:31 - 2014-07-09 14:31 - 02084352 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-09 14:27 - 2012-09-18 10:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-07-09 14:26 - 2014-07-08 15:53 - 00000112 _____ () C:\Windows\setupact.log
2014-07-09 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 01:23 - 2014-07-09 01:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 18:55 - 2014-07-08 18:55 - 00064024 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 15:53 - 2014-07-08 15:53 - 00294184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 15:53 - 2014-07-08 15:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-08 14:51 - 2014-07-08 13:58 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 14:36 - 2011-10-19 06:24 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-07-08 14:35 - 2011-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-08 14:32 - 2012-04-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-07-08 14:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:13 - 2013-01-14 12:57 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\HpUpdate
2014-07-08 14:13 - 2013-01-14 12:56 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-08 14:10 - 2013-01-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-08 14:04 - 2013-02-02 01:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-08 14:04 - 2013-02-02 01:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 14:03 - 2014-06-04 20:57 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 14:03 - 2014-02-08 04:30 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 14:03 - 2013-02-02 01:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-08 14:00 - 2014-07-08 13:57 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:59 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-08 13:57 - 2011-10-19 06:36 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-08 01:07 - 2013-11-12 02:28 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\PunkBuster
2014-07-08 01:02 - 2012-04-10 07:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:50 - 2011-10-19 06:34 - 00000000 ____D () C:\ProgramData\Asus
2014-07-08 00:50 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 00:45 - 2011-10-19 06:26 - 00000000 ____D () C:\ProgramData\Deadtime Stories
2014-07-08 00:32 - 2012-04-10 07:57 - 00000000 ____D () C:\ProgramData\Temp
2014-07-08 00:14 - 2012-10-14 16:51 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\DVDVideoSoft
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 14:24 - 2012-10-24 17:53 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Ubisoft
2014-07-06 14:05 - 2014-07-06 00:18 - 00000000 ____D () C:\Users\Theo\Desktop\ANNO 1404 (Download)
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-03 20:10 - 2013-06-24 15:14 - 00000000 ____D () C:\Windows\pss
2014-07-03 00:59 - 2011-02-19 06:24 - 00711078 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 00:59 - 2011-02-19 06:24 - 00153526 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 00:59 - 2009-07-14 07:13 - 01651576 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 01:33 - 2013-08-22 20:15 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 01:13 - 2013-08-22 20:34 - 00000000 ____D () C:\Users\Theo\Documents\FIFA 13
2014-07-01 21:24 - 2013-08-22 20:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-28 03:42 - 2012-04-10 07:54 - 00002466 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:49 - 2014-06-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:52 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-06-17 13:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 00:15 - 2014-06-15 16:26 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 19:05 - 2013-08-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 18:55 - 2013-04-03 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Theo\AppData\Local\Temp\SRLDetectionLibrary6971179190119895152.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 00:05

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Theo at 2014-07-09 14:33:14
Running from C:\Users\Theo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
AsusScr_K3 Series_ENG_Basic (HKLM-x32\...\AsusScr_K3 Series_ENG_Basic) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{A9C5381E-F415-4EDC-95A2-9164218FEA8A}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
NBA 2K11 (HKLM-x32\...\{81DD0597-29EB-4FA0-8223-4F41362B2E72}) (Version: 1.0.0 - 2K Sports)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.10 - ASUS)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
System Requirements Lab (Test) (HKLM-x32\...\{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)

==================== Restore Points  =========================

06-07-2014 01:53:42 Removed Studie zur Verbesserung von HP Deskjet 3520 series Produkten
06-07-2014 12:00:59 Revo Uninstaller's restore point - ANNO 1404
06-07-2014 12:07:43 DirectX wurde installiert
07-07-2014 22:13:11 Revo Uninstaller's restore point - Free YouTube to MP3 Converter version 3.12.35.514
07-07-2014 22:22:12 Revo Uninstaller's restore point - Empire Earth + Art of Conquest
07-07-2014 22:24:40 Revo Uninstaller's restore point - Galapago
07-07-2014 22:25:07 Revo Uninstaller's restore point - Galapago
07-07-2014 22:27:18 Revo Uninstaller's restore point - Go Go Gourmet Chef of the Year
07-07-2014 22:29:35 Revo Uninstaller's restore point - World of Goo
07-07-2014 22:36:18 Revo Uninstaller's restore point - Turbo Fiesta
07-07-2014 22:38:07 Revo Uninstaller's restore point - Plants vs Zombies
07-07-2014 22:40:13 Revo Uninstaller's restore point - Mahjong Memoirs
07-07-2014 22:41:38 Revo Uninstaller's restore point - Dream Vacation Solitaire
07-07-2014 22:43:08 Revo Uninstaller's restore point - Dream Day First Home
07-07-2014 22:44:50 Revo Uninstaller's restore point - Deadtime Stories
07-07-2014 22:48:10 Revo Uninstaller's restore point - Bubbletown
07-07-2014 22:50:09 Revo Uninstaller's restore point - Game Park Console
07-07-2014 22:52:12 Revo Uninstaller's restore point - HP Photo Creations
07-07-2014 22:53:57 Revo Uninstaller's restore point - CyberLink LabelPrint
07-07-2014 22:54:24 Konfiguriert LabelPrint
07-07-2014 22:57:25 Revo Uninstaller's restore point - CyberLink Media Suite
07-07-2014 22:57:47 Konfiguriert PowerStarter
07-07-2014 23:00:10 Revo Uninstaller's restore point - CyberLink Power2Go
07-07-2014 23:00:36 Konfiguriert Power2Go
07-07-2014 23:05:02 Revo Uninstaller's restore point - PunkBuster Services
08-07-2014 09:13:49 Windows Update
08-07-2014 11:45:47 Die Service Pack-Sicherungsdateien wurden entfernt.
08-07-2014 12:02:13 avast! antivirus system restore point
08-07-2014 12:09:41 Revo Uninstaller's restore point - HP Update
08-07-2014 12:10:13 Removed HP Update.
08-07-2014 12:13:32 Revo Uninstaller's restore point - Futuremark SystemInfo
08-07-2014 12:13:43 Removed Futuremark SystemInfo
08-07-2014 12:18:31 Removed ASUS Live Update
08-07-2014 12:22:41 Revo Uninstaller's restore point - Windows Live Essentials
08-07-2014 12:24:13 Windows Live Essentials
08-07-2014 12:24:43 WLSetup
08-07-2014 12:31:41 Revo Uninstaller's restore point - ASUS FaceLogon
08-07-2014 12:31:58 Removed ASUS FaceLogon
08-07-2014 12:34:47 Revo Uninstaller's restore point - ASUS Live Update
08-07-2014 12:35:02 Removed ASUS Live Update
08-07-2014 12:37:06 Revo Uninstaller's restore point - Mozilla Maintenance Service

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04D9E493-8291-4E44-AC55-B5B7DCEF6BE4} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-07] (ASUS)
Task: {25100793-81CC-4104-B59F-4740EFFDEF92} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {267792BD-5D91-4ECD-A0A1-EB0B83CB5ED5} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {4391DA42-FF30-44A6-886F-561DF0D58628} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {788C665E-C287-4A29-BD8E-1676ED9E2D91} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1785932237-3895006296-647964263-1001
Task: {8083E896-91B2-433C-8EC3-44D91926F150} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-16] (ASUS)
Task: {91C5D93F-37CC-496E-8ABE-FCD7BD86EA69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {C2EE03C5-7FCD-41CA-81BE-BF9B52008091} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-22] (ASUS)
Task: {C7F6A1D7-7F14-419D-9BD2-AD12B33BEDC1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2012-04-10 07:50 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-01-11 10:03 - 2011-07-26 09:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-08 14:03 - 2014-07-08 14:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-08 19:54 - 2014-07-08 19:54 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070801\algo.dll
2014-07-09 14:27 - 2014-07-09 14:27 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070900\algo.dll
2011-12-07 01:21 - 2011-12-07 01:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-06-23 18:48 - 2014-06-23 18:49 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2007-07-12 20:11 - 2007-07-12 20:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-07-08 14:03 - 2014-07-08 14:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:2CFBE2D1
AlternateDataStreams: C:\ProgramData\Temp:373C6DC2
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5216CD26
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:77846FFE
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8AD1F2E0
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\ProgramData\Temp:FEF919E6

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk => C:\Windows\pss\Intel(R) Turbo Boost Technology Monitor 2.0.lnk.Startup
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2961G5T005SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Trend Micro Client Framework => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
MSCONFIG\startupreg: VizorHtmlDialog.exe => "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2014 02:55:39 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1785932237-3895006296-647964263-1001}/">.

Error: (07/07/2014 11:59:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1558
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/07/2014 02:42:19 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1785932237-3895006296-647964263-1001}/">.

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/09/2014 02:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/09/2014 02:28:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/08/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/08/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/08/2014 02:47:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/08/2014 02:47:31 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/08/2014 02:02:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/08/2014 02:02:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/08/2014 11:10:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/08/2014 11:10:40 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/08/2014 02:55:39 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1785932237-3895006296-647964263-1001}/

Error: (07/07/2014 11:59:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b155801cf9a29732664b3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll09493901-0622-11e4-9c5c-c860005083fd

Error: (07/07/2014 02:42:19 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-1785932237-3895006296-647964263-1001}/

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2014 02:41:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/07/2014 02:41:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 4008.14 MB
Available physical RAM: 1571.48 MB
Total Pagefile: 8014.47 MB
Available Pagefile: 5586.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:118.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:210.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 10.07.2014, 11:45

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tbsc · 10.07.2014, 12:46

Hey, habe den Windows Defender vergessen abzuschalten, hoffe das ist nicht problematisch. Unten das logfile.

Auch wurde mir beim letzten Start von Windows (vor ComoFix-Scan) angezeigt, dass Windows Bedrohliche Dateien gefunden und entfernt hat.

Code:

ATTFilter

ComboFix 14-07-08.04 - Theo 10.07.2014  13:31:41.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2693 [GMT 2:00]
ausgeführt von:: c:\users\Theo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-10 bis 2014-07-10  ))))))))))))))))))))))))))))))
.
.
2014-07-10 11:36 . 2014-07-10 11:36	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-07-10 11:36 . 2014-07-10 11:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-09 12:37 . 2014-05-30 08:08	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-07-09 12:31 . 2014-07-09 12:34	--------	d-----w-	C:\FRST
2014-07-08 23:22 . 2014-07-08 23:23	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-08 23:22 . 2014-07-08 23:22	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-07-08 23:22 . 2014-07-08 23:22	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-08 23:22 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-08 23:22 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-08 23:22 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-08 12:22 . 2014-07-08 12:22	--------	d-----w-	c:\users\Theo\AppData\Local\Windows Live Writer
2014-07-08 12:22 . 2014-07-08 12:22	--------	d-----w-	c:\users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 12:03 . 2014-07-08 12:03	43152	----a-w-	c:\windows\avastSS.scr
2014-07-08 09:14 . 2014-06-05 10:54	10779000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{96360984-3311-4D1F-AE6F-C8ED38472E5A}\mpengine.dll
2014-06-26 17:01 . 2014-06-26 17:01	--------	d-----w-	c:\users\Theo\AppData\Local\PDF24
2014-06-16 16:58 . 2013-12-21 09:39	600064	----a-w-	c:\windows\system32\vbscript.dll
2014-06-16 16:58 . 2013-12-21 07:56	523776	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-06-16 16:49 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-06-16 16:49 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 01:02 . 2013-02-02 00:21	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 23:36 . 2014-02-08 00:57	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 23:36 . 2014-02-08 00:57	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 12:27 . 2012-09-18 08:16	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2014-07-08 12:04 . 2013-02-01 23:29	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-08 12:03 . 2014-02-08 02:30	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-08 12:03 . 2013-04-09 13:24	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-08 12:03 . 2013-02-01 23:29	1041168	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-08 12:03 . 2014-06-04 18:57	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-08 12:03 . 2013-04-09 13:24	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-08 12:03 . 2013-02-01 23:29	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-08 12:03 . 2013-02-01 23:29	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-08 12:03 . 2013-02-01 23:29	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-05-07 13:02 . 2014-06-04 19:30	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 15:44 . 2000-05-22 23:58	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"SonicMasterTray"="c:\program files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-08 4086432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-08 12:03	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mStart Page = hxxp://isearch.brothersoft.com?f=afc
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default\
FF - prefs.js: browser.startup.homepage - hxxps://posteo.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1785932237-3895006296-647964263-1001\Software\SecuROM\License information*]
"datasecu"=hex:17,c7,46,5a,d6,74,7b,fa,56,7d,c2,6b,61,c4,dc,25,ac,60,02,ec,64,
   69,cc,86,20,32,4f,2b,34,6f,07,2d,68,92,e6,b2,e1,7d,88,c0,99,c6,2a,31,3d,b3,\
"rkeysecu"=hex:d2,14,9f,76,37,16,47,b6,11,fa,87,77,8d,88,12,6f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-10  13:38:28
ComboFix-quarantined-files.txt  2014-07-10 11:38
.
Vor Suchlauf: 12 Verzeichnis(se), 127.655.563.264 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 127.507.337.216 Bytes frei
.
- - End Of File - - 6F782151737979DFB58340BA74FC8F91

Danke für die Hilfe.

schrauber · 11.07.2014, 08:26

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Tbsc · 11.07.2014, 17:14

Hey,
bei Malwarebytes habe ich vom heutigen Tag kein Suchlauf-Protokoll drin gehabt, nur das unten eingefügte Protokoll des Updates. Ich habe zwar den Suchlauf heute durchgeführt, die gefundenen Elemente (13) in Quarantäne geschickt und den Laptop dann neu gestartet, aber danach war dort kein weiteres Suchlaufprotokoll, als das, was ich in der obrigen Antwort schon einmal gepostet habe.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 11.07.2014 17:25:47, SYSTEM, THEO-PC, Manual, Rootkit Database, 2014.7.7.1, 2014.7.9.1, 
Update, 11.07.2014 17:26:05, SYSTEM, THEO-PC, Manual, Malware Database, 2014.7.8.12, 2014.7.11.6, 

(end)

AdwCleaner-logfile

Code:

ATTFilter

# AdwCleaner v3.215 - Bericht erstellt am 11/07/2014 um 17:47:18
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Theo - THEO-PC
# Gestartet von : C:\Users\Theo\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Theo\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Theo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Theo\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Datei Gelöscht : C:\END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5b6d68ce06ebe41
Schlüssel Gelöscht : HKLM\SOFTWARE\5b6d68ce06ebe41
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2859 octets] - [11/07/2014 17:45:02]
AdwCleaner[S0].txt - [2603 octets] - [11/07/2014 17:47:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2663 octets] ##########

JRT-logfile

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Theo on 11.07.2014 at 17:52:52,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1785932237-3895006296-647964263-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A84EC40C-8D72-4753-92EF-BA4BA6DC7809}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{0F9D585B-354C-4DF1-8FB7-ECE103794215}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{1F8DD64C-5FFD-4201-AAC8-3CE5C6D12DAA}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{2FA3F3D1-5FAA-4614-BA9A-1AF8A594F30F}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{44147B6E-979B-4AF1-B6EA-84379AB0CEA1}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{4CDC1BA9-C345-4B04-B18E-7E153949E367}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{5385704E-95FB-457C-9D65-EF49137F4629}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{647FE59A-C985-478B-80C2-E989C9D6DE5E}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{733EDB95-596C-478E-8DA6-55F6C0217738}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{7A0EFFE7-A5A0-4E44-B36E-53936701202C}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{7B54AF36-5177-47C2-9087-15E79D42C7B1}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{91297C27-4D8D-4BDF-9FFF-14FC88590868}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{AA670DEE-4557-4386-944C-CA40A7B70A81}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{E4677C83-D959-4D87-AFD6-C924603B9771}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{E4B1C662-2C07-46B5-97A2-1100739D5C31}
Successfully deleted: [Empty Folder] C:\Users\Theo\appdata\local\{FDB07166-7ABD-4042-8C23-C3D75B5A7D7A}



~~~ FireFox

Emptied folder: C:\Users\Theo\AppData\Roaming\mozilla\firefox\profiles\c7xp603m.default\minidumps [94 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.07.2014 at 17:59:37,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und hier noch das FRST-logfile.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Theo (administrator) on THEO-PC on 11-07-2014 18:08:09
Running from C:\Users\Theo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default
FF Homepage: https://posteo.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-02]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-21] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-11 18:05 - 2014-07-11 18:08 - 00010021 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-11 18:04 - 2014-07-11 18:08 - 00000000 ____D () C:\Users\Theo\Desktop\FRST-OlderVersion
2014-07-11 17:59 - 2014-07-11 17:59 - 00002901 _____ () C:\Users\Theo\Desktop\JRT.txt
2014-07-11 17:52 - 2014-07-11 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 17:51 - 2014-07-11 17:51 - 01016261 _____ (Thisisu) C:\Users\Theo\Desktop\JRT.exe
2014-07-11 17:45 - 2014-07-11 17:47 - 00000000 ____D () C:\AdwCleaner
2014-07-11 17:41 - 2014-07-11 17:41 - 01348263 _____ () C:\Users\Theo\Desktop\adwcleaner_3.215.exe
2014-07-11 17:40 - 2014-07-11 17:40 - 00000258 _____ () C:\Users\Theo\Desktop\mbma.txt
2014-07-11 17:35 - 2014-07-11 17:48 - 00001706 _____ () C:\Windows\PFRO.log
2014-07-11 17:12 - 2014-07-11 17:48 - 00000168 _____ () C:\Windows\setupact.log
2014-07-11 17:12 - 2014-07-11 17:13 - 00294184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 17:12 - 2014-07-11 17:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\web_of_trust_wot-20131118-fx
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\noscript-2.6.8.33.xpi
2014-07-10 21:56 - 2014-07-10 23:07 - 00064024 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 13:38 - 2014-07-10 13:38 - 00010839 _____ () C:\ComboFix.txt
2014-07-10 13:15 - 2014-07-10 13:38 - 00000000 ____D () C:\Qoobox
2014-07-10 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-10 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-10 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-10 13:14 - 2014-07-10 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 13:06 - 2014-07-10 13:06 - 05217324 ____R (Swearware) C:\Users\Theo\Desktop\ComboFix.exe
2014-07-09 14:40 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:40 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:40 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:40 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:40 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:40 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:40 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:40 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 14:40 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 14:40 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:40 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:37 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:37 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:37 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:33 - 2014-07-09 14:34 - 00026488 _____ () C:\Users\Theo\Desktop\Addition.txt
2014-07-09 14:31 - 2014-07-11 18:08 - 00000000 ____D () C:\FRST
2014-07-09 14:31 - 2014-07-11 18:04 - 02084864 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-09 01:22 - 2014-07-11 17:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 01:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 01:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 13:58 - 2014-07-08 14:51 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 13:57 - 2014-07-08 14:00 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-06 00:18 - 2014-07-06 14:05 - 00000000 ____D () C:\Users\Theo\Desktop\ANNO 1404 (Download)
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:48 - 2014-06-23 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 18:58 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-16 18:58 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-16 18:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-16 18:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-16 18:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-16 18:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-16 18:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-16 18:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-16 18:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-16 18:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-16 18:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-16 18:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-16 18:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-16 18:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-16 18:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-16 18:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-16 18:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-16 18:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-16 18:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-16 18:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-16 18:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-16 18:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-06-16 18:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-16 18:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-16 18:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-16 18:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-16 18:49 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-16 18:49 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-15 16:26 - 2014-06-17 00:15 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt

==================== One Month Modified Files and Folders =======

2014-07-11 18:08 - 2014-07-11 18:05 - 00010021 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-11 18:08 - 2014-07-11 18:04 - 00000000 ____D () C:\Users\Theo\Desktop\FRST-OlderVersion
2014-07-11 18:08 - 2014-07-09 14:31 - 00000000 ____D () C:\FRST
2014-07-11 18:04 - 2014-07-09 14:31 - 02084864 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-11 17:59 - 2014-07-11 17:59 - 00002901 _____ () C:\Users\Theo\Desktop\JRT.txt
2014-07-11 17:56 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 17:56 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 17:54 - 2012-04-10 07:42 - 01768814 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 17:52 - 2014-07-11 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 17:51 - 2014-07-11 17:51 - 01016261 _____ (Thisisu) C:\Users\Theo\Desktop\JRT.exe
2014-07-11 17:49 - 2012-09-18 10:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-07-11 17:48 - 2014-07-11 17:35 - 00001706 _____ () C:\Windows\PFRO.log
2014-07-11 17:48 - 2014-07-11 17:12 - 00000168 _____ () C:\Windows\setupact.log
2014-07-11 17:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 17:47 - 2014-07-11 17:45 - 00000000 ____D () C:\AdwCleaner
2014-07-11 17:41 - 2014-07-11 17:41 - 01348263 _____ () C:\Users\Theo\Desktop\adwcleaner_3.215.exe
2014-07-11 17:40 - 2014-07-11 17:40 - 00000258 _____ () C:\Users\Theo\Desktop\mbma.txt
2014-07-11 17:39 - 2014-07-09 01:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 17:35 - 2013-01-22 18:34 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-11 17:13 - 2014-07-11 17:12 - 00294184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 17:12 - 2014-07-11 17:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-10 23:07 - 2014-07-10 21:56 - 00064024 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\web_of_trust_wot-20131118-fx
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\noscript-2.6.8.33.xpi
2014-07-10 21:46 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-07-10 13:38 - 2014-07-10 13:38 - 00010839 _____ () C:\ComboFix.txt
2014-07-10 13:38 - 2014-07-10 13:15 - 00000000 ____D () C:\Qoobox
2014-07-10 13:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-10 13:37 - 2014-07-10 13:14 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 13:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-10 13:06 - 2014-07-10 13:06 - 05217324 ____R (Swearware) C:\Users\Theo\Desktop\ComboFix.exe
2014-07-10 12:16 - 2013-08-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:35 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:02 - 2013-02-02 02:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 01:36 - 2014-02-08 02:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 01:36 - 2014-02-08 02:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 14:34 - 2014-07-09 14:33 - 00026488 _____ () C:\Users\Theo\Desktop\Addition.txt
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 14:51 - 2014-07-08 13:58 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 14:36 - 2011-10-19 06:24 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-07-08 14:35 - 2011-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-08 14:32 - 2012-04-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-07-08 14:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:13 - 2013-01-14 12:57 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\HpUpdate
2014-07-08 14:13 - 2013-01-14 12:56 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-08 14:10 - 2013-01-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-08 14:04 - 2013-02-02 01:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-08 14:04 - 2013-02-02 01:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 14:03 - 2014-06-04 20:57 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 14:03 - 2014-02-08 04:30 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 14:03 - 2013-02-02 01:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-08 14:00 - 2014-07-08 13:57 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:59 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-08 13:57 - 2011-10-19 06:36 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-08 01:07 - 2013-11-12 02:28 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\PunkBuster
2014-07-08 01:02 - 2012-04-10 07:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:50 - 2011-10-19 06:34 - 00000000 ____D () C:\ProgramData\Asus
2014-07-08 00:50 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 00:45 - 2011-10-19 06:26 - 00000000 ____D () C:\ProgramData\Deadtime Stories
2014-07-08 00:32 - 2012-04-10 07:57 - 00000000 ____D () C:\ProgramData\Temp
2014-07-08 00:14 - 2012-10-14 16:51 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\DVDVideoSoft
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 14:24 - 2012-10-24 17:53 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Ubisoft
2014-07-06 14:05 - 2014-07-06 00:18 - 00000000 ____D () C:\Users\Theo\Desktop\ANNO 1404 (Download)
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-03 20:10 - 2013-06-24 15:14 - 00000000 ____D () C:\Windows\pss
2014-07-03 00:59 - 2011-02-19 06:24 - 00711078 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 00:59 - 2011-02-19 06:24 - 00153526 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 00:59 - 2009-07-14 07:13 - 01651576 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 01:33 - 2013-08-22 20:15 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 01:13 - 2013-08-22 20:34 - 00000000 ____D () C:\Users\Theo\Documents\FIFA 13
2014-07-01 21:24 - 2013-08-22 20:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-28 03:42 - 2012-04-10 07:54 - 00002466 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:49 - 2014-06-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 04:12 - 2014-07-09 14:40 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-09 14:40 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-09 14:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-09 14:40 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-09 14:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-09 14:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-09 14:40 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-09 14:40 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-09 14:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-09 14:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-09 14:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 04:18 - 2014-07-09 14:40 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 14:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 14:40 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 13:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 00:15 - 2014-06-15 16:26 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 18:55 - 2013-04-03 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Theo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 00:05

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

schrauber · 12.07.2014, 15:45

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Tbsc · 12.07.2014, 20:56

Hey,

Probleme soweit keine, allerdings hat ESET 3 infizierte Dateien gefunden. Die stammen anscheinend von einer Toolbar, von der ich noch nie was gehört habe.

ESET-logfile

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eb3bf9b44c7eb240a2883cfa76eeba37
# engine=19148
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-12 07:42:16
# local_time=2014-07-12 09:42:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 370640 169618226 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 102169 156823986 0 0
# scanned=146550
# found=3
# cleaned=0
# scan_time=3775
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=2BDB1008EBF1D7AECB44EE532E024CBAF9C80666 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Theo\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx"
sh=64AC7AAD1FF357D84BA287892B7E95099CC43F40 ft=1 fh=710ded7bacb8d5d1 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\extensions\{94193c2f-e73f-4feb-b393-2b95f0a01430}\Plugins\npConduitFirefoxPlugin.dll"

SecurityCheck-logfile

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.145  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und das FRST-logfile.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Theo (administrator) on THEO-PC on 12-07-2014 21:52:32
Running from C:\Users\Theo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default
FF Homepage: https://posteo.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xp603m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-01-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-02]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-10-21] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-10-21] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 21:45 - 2014-07-12 21:45 - 00854390 _____ () C:\Users\Theo\Desktop\SecurityCheck.exe
2014-07-12 21:03 - 2014-07-12 21:03 - 00008224 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 20:36 - 2014-07-12 20:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-12 20:34 - 2014-07-12 20:34 - 02347384 _____ (ESET) C:\Users\Theo\Desktop\esetsmartinstaller_deu.exe
2014-07-11 19:36 - 2014-07-11 19:36 - 00001686 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-07-11 19:36 - 2014-07-11 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-07-11 19:36 - 2014-07-11 19:36 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-11 19:30 - 2014-07-11 19:30 - 04362512 _____ (Piriform Ltd) C:\Users\Theo\Desktop\dfsetup218.exe
2014-07-11 18:05 - 2014-07-12 21:52 - 00010166 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-11 18:04 - 2014-07-11 18:08 - 00000000 ____D () C:\Users\Theo\Desktop\FRST-OlderVersion
2014-07-11 17:59 - 2014-07-11 17:59 - 00002901 _____ () C:\Users\Theo\Desktop\JRT.txt
2014-07-11 17:52 - 2014-07-11 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 17:51 - 2014-07-11 17:51 - 01016261 _____ (Thisisu) C:\Users\Theo\Desktop\JRT.exe
2014-07-11 17:45 - 2014-07-11 17:47 - 00000000 ____D () C:\AdwCleaner
2014-07-11 17:41 - 2014-07-11 17:41 - 01348263 _____ () C:\Users\Theo\Desktop\adwcleaner_3.215.exe
2014-07-11 17:40 - 2014-07-11 17:40 - 00000258 _____ () C:\Users\Theo\Desktop\mbma.txt
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\web_of_trust_wot-20131118-fx
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\noscript-2.6.8.33.xpi
2014-07-10 13:38 - 2014-07-10 13:38 - 00010839 _____ () C:\ComboFix.txt
2014-07-10 13:15 - 2014-07-10 13:38 - 00000000 ____D () C:\Qoobox
2014-07-10 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-10 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-10 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-10 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-10 13:14 - 2014-07-10 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 13:06 - 2014-07-10 13:06 - 05217324 ____R (Swearware) C:\Users\Theo\Desktop\ComboFix.exe
2014-07-09 14:40 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:40 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:40 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:40 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:40 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:40 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:40 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:40 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:40 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 14:40 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 14:40 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 14:40 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 14:40 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:40 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 14:40 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:40 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:40 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:40 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:40 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:40 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:37 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:37 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:37 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:37 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:37 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:33 - 2014-07-09 14:34 - 00026488 _____ () C:\Users\Theo\Desktop\Addition.txt
2014-07-09 14:31 - 2014-07-12 21:52 - 00000000 ____D () C:\FRST
2014-07-09 14:31 - 2014-07-11 18:04 - 02084864 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-09 01:22 - 2014-07-11 18:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 01:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 01:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 13:58 - 2014-07-08 14:51 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 13:57 - 2014-07-08 14:00 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-06 00:18 - 2014-07-06 14:05 - 00000000 ____D () C:\Users\Theo\Downloads\ANNO 1404 (Download)
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:48 - 2014-06-23 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 18:58 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-16 18:58 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-16 18:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-16 18:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-16 18:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-16 18:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-16 18:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-16 18:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-16 18:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-16 18:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-16 18:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-16 18:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-16 18:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-16 18:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-16 18:52 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-16 18:52 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-16 18:52 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-16 18:52 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-16 18:52 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-16 18:52 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-16 18:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-16 18:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-16 18:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-16 18:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-16 18:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-16 18:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-16 18:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-16 18:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-16 18:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-06-16 18:52 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-16 18:52 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-16 18:52 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-16 18:52 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-16 18:49 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-16 18:49 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-15 16:26 - 2014-06-17 00:15 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt

==================== One Month Modified Files and Folders =======

2014-07-12 21:53 - 2014-07-11 18:05 - 00010166 _____ () C:\Users\Theo\Desktop\FRST.txt
2014-07-12 21:52 - 2014-07-09 14:31 - 00000000 ____D () C:\FRST
2014-07-12 21:45 - 2014-07-12 21:45 - 00854390 _____ () C:\Users\Theo\Desktop\SecurityCheck.exe
2014-07-12 21:03 - 2014-07-12 21:03 - 00008224 _____ () C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 20:36 - 2014-07-12 20:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-12 20:34 - 2014-07-12 20:34 - 02347384 _____ (ESET) C:\Users\Theo\Desktop\esetsmartinstaller_deu.exe
2014-07-12 20:16 - 2012-04-10 07:42 - 01795202 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 15:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 14:53 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 14:53 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 14:47 - 2013-02-02 01:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-12 14:47 - 2012-09-18 10:16 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-07-12 14:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 19:36 - 2014-07-11 19:36 - 00001686 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-07-11 19:36 - 2014-07-11 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-07-11 19:36 - 2014-07-11 19:36 - 00000000 ____D () C:\Program Files\Defraggler
2014-07-11 19:30 - 2014-07-11 19:30 - 04362512 _____ (Piriform Ltd) C:\Users\Theo\Desktop\dfsetup218.exe
2014-07-11 18:37 - 2014-07-09 01:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:08 - 2014-07-11 18:04 - 00000000 ____D () C:\Users\Theo\Desktop\FRST-OlderVersion
2014-07-11 18:04 - 2014-07-09 14:31 - 02084864 _____ (Farbar) C:\Users\Theo\Desktop\FRST64.exe
2014-07-11 17:59 - 2014-07-11 17:59 - 00002901 _____ () C:\Users\Theo\Desktop\JRT.txt
2014-07-11 17:52 - 2014-07-11 17:52 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 17:51 - 2014-07-11 17:51 - 01016261 _____ (Thisisu) C:\Users\Theo\Desktop\JRT.exe
2014-07-11 17:47 - 2014-07-11 17:45 - 00000000 ____D () C:\AdwCleaner
2014-07-11 17:41 - 2014-07-11 17:41 - 01348263 _____ () C:\Users\Theo\Desktop\adwcleaner_3.215.exe
2014-07-11 17:40 - 2014-07-11 17:40 - 00000258 _____ () C:\Users\Theo\Desktop\mbma.txt
2014-07-11 17:35 - 2013-01-22 18:34 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\web_of_trust_wot-20131118-fx
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\Theo\Documents\noscript-2.6.8.33.xpi
2014-07-10 21:46 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2014-07-10 13:38 - 2014-07-10 13:38 - 00010839 _____ () C:\ComboFix.txt
2014-07-10 13:38 - 2014-07-10 13:15 - 00000000 ____D () C:\Qoobox
2014-07-10 13:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-10 13:37 - 2014-07-10 13:14 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 13:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-10 13:06 - 2014-07-10 13:06 - 05217324 ____R (Swearware) C:\Users\Theo\Desktop\ComboFix.exe
2014-07-10 12:16 - 2013-08-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:35 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:02 - 2013-02-02 02:21 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 01:36 - 2014-02-08 02:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 01:36 - 2014-02-08 02:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 14:34 - 2014-07-09 14:33 - 00026488 _____ () C:\Users\Theo\Desktop\Addition.txt
2014-07-09 01:22 - 2014-07-09 01:22 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 01:22 - 2014-07-09 01:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-09 01:21 - 2014-07-09 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Theo\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-08 14:51 - 2014-07-08 13:58 - 00007600 _____ () C:\Users\Theo\AppData\Local\Resmon.ResmonCfg
2014-07-08 14:36 - 2011-10-19 06:24 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-07-08 14:35 - 2011-10-19 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-08 14:32 - 2012-04-10 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2014-07-08 14:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Windows Live Writer
2014-07-08 14:22 - 2014-07-08 14:22 - 00000000 ____D () C:\Users\Theo\AppData\Local\Windows Live Writer
2014-07-08 14:13 - 2013-01-14 12:57 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\HpUpdate
2014-07-08 14:13 - 2013-01-14 12:56 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-08 14:10 - 2013-01-14 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-08 14:04 - 2013-02-02 01:29 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 14:03 - 2014-07-08 14:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 14:03 - 2014-06-04 20:57 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 14:03 - 2014-02-08 04:30 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 14:03 - 2013-04-09 15:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 14:03 - 2013-02-02 01:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 14:03 - 2013-02-02 01:29 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 14:00 - 2014-07-08 13:57 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-07-08 13:59 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-08 13:57 - 2014-07-08 13:57 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-07-08 13:57 - 2011-10-19 06:36 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-08 01:07 - 2013-11-12 02:28 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\PunkBuster
2014-07-08 01:02 - 2012-04-10 07:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 00:50 - 2011-10-19 06:34 - 00000000 ____D () C:\ProgramData\Asus
2014-07-08 00:50 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 00:45 - 2011-10-19 06:26 - 00000000 ____D () C:\ProgramData\Deadtime Stories
2014-07-08 00:32 - 2012-04-10 07:57 - 00000000 ____D () C:\ProgramData\Temp
2014-07-08 00:14 - 2012-10-14 16:51 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\DVDVideoSoft
2014-07-06 15:15 - 2014-07-06 15:15 - 00000000 ____D () C:\Users\Theo\Documents\Anno 1404
2014-07-06 14:24 - 2012-10-24 17:53 - 00000000 ____D () C:\Users\Theo\AppData\Roaming\Ubisoft
2014-07-06 14:05 - 2014-07-06 00:18 - 00000000 ____D () C:\Users\Theo\Downloads\ANNO 1404 (Download)
2014-07-06 03:56 - 2014-07-06 03:56 - 00001050 _____ () C:\Users\Theo\Documents\cc_20140706_035603.reg
2014-07-06 03:55 - 2014-07-06 03:55 - 00010966 _____ () C:\Users\Theo\Documents\cc_20140706_035548.reg
2014-07-06 03:51 - 2014-07-06 03:51 - 00152792 _____ () C:\Users\Theo\Documents\cc_20140706_035130.reg
2014-07-03 20:10 - 2013-06-24 15:14 - 00000000 ____D () C:\Windows\pss
2014-07-03 00:59 - 2011-02-19 06:24 - 00711078 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 00:59 - 2011-02-19 06:24 - 00153526 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 00:59 - 2009-07-14 07:13 - 01651576 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 01:33 - 2013-08-22 20:15 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 01:13 - 2013-08-22 20:34 - 00000000 ____D () C:\Users\Theo\Documents\FIFA 13
2014-07-01 21:24 - 2013-08-22 20:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-28 03:42 - 2012-04-10 07:54 - 00002466 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-06-26 19:01 - 2014-06-26 19:01 - 00000000 ____D () C:\Users\Theo\AppData\Local\PDF24
2014-06-23 18:49 - 2014-06-23 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 04:12 - 2014-07-09 14:40 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-09 14:40 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-09 14:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-09 14:40 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-09 14:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-09 14:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-09 14:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-09 14:40 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-09 14:40 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-09 14:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-09 14:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-09 14:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-09 14:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-09 14:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 04:18 - 2014-07-09 14:40 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 14:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 14:40 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 00:15 - 2014-06-15 16:26 - 00000122 _____ () C:\Users\Theo\Desktop\to-do.txt
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-16 19:07 - 2013-04-03 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-16 18:55 - 2013-04-03 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 00:05

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Vielen Dank nochmal für die Hilfe!!

schrauber · 13.07.2014, 15:05

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Tbsc · 14.07.2014, 11:15

Hey, hat alles geklappt.

Noch einmal vielen Dank für die umfassende und schnelle Hilfestellung bei Bereinigung des Laptops von Malware und ähnlichem!

Grüße!

schrauber · 14.07.2014, 17:59

Gern Geschehen

14.07.2014, 17:59	#12
schrauber /// the machine /// TB-Ausbilder	Malwarebytes-Systemscan: Wie mit Ergebnis (19 Bedrohungen) umgehen? Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Malwarebytes-Systemscan: Wie mit Ergebnis (19 Bedrohungen) umgehen?

Log-Analyse und Auswertung: Malwarebytes-Systemscan: Wie mit Ergebnis (19 Bedrohungen) umgehen?