Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problem mit hxxp://admin.true-secure.com/securita.php/?id=4157983&bro=FF (https://www.trojaner-board.de/154535-problem-hxxp-admin-true-secure-com-securita-php-id-4157983-bro-ff.html)

Santana 29.05.2014 18:28
Problem mit hxxp://admin.true-secure.com/securita.php/?id=4157983&bro=FF
 
Liebe Community,

ich habe o.g. Problem, welches avast gemeldet und geblockt hat. Im Vorfeld habe ich bereits folgende Infos für Euch:

Ausgabe von FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ****** (administrator) on REGINA-PC on 29-05-2014 17:51:49
Running from C:\Users\******\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe
(Thisisu) C:\Users\******\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe [2037072 2014-05-10] (Nero AG)
HKU\S-1-5-21-3492184576-273459616-3862360488-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
SearchScopes: HKCU - {33CA35C9-04D0-45af-AED5-A938D3EAE75E} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {AAE7B4C9-BB83-402c-A0E3-C282FD18D9A8} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Users\******\AppData\LocalLow\systems ie bho\bho.dll ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.zeit.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\sys@foxysecurity.com [2014-05-29]
FF Extension: Ghostery - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\firefox@ghostery.com.xpi [2014-02-28]
FF Extension: DuckDuckGo Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-03-02]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF Extension: BetterPrivacy - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-29] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 NBService; C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe [265552 2014-05-10] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-19] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2010-05-20] (Windows (R) Codename Longhorn DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 17:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-29 17:26 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-29 17:26 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-29 17:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-29 17:24 - 2014-05-29 17:25 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:02 - 2014-05-29 17:03 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00002016 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00001986 _____ () C:\Users\******\Desktop\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:44 - 2014-05-29 16:46 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 16:41 - 2014-05-29 17:51 - 00010746 _____ () C:\Users\******\Desktop\FRST.txt
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:50 - 2014-05-29 15:51 - 00002040 _____ () C:\Users\******\Desktop\Rkill.txt
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:48 - 2014-05-29 15:48 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-05-29 15:42 - 2014-05-29 15:42 - 00003026 _____ () C:\Users\******\Desktop\AdwCleaner[S1].txt
2014-05-29 15:33 - 2014-05-29 15:43 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 15:31 - 2014-05-29 15:31 - 01327971 _____ () C:\Users\******\Desktop\adwcleaner_3.211.exe
2014-05-29 15:20 - 2014-05-29 16:40 - 00025368 _____ () C:\Users\******\Desktop\Addition.txt
2014-05-29 15:19 - 2014-05-29 17:51 - 00000000 ____D () C:\FRST
2014-05-29 15:19 - 2014-05-29 16:40 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 15:12 - 2014-05-29 15:12 - 02066944 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-05-29 14:54 - 2014-05-29 15:39 - 00000650 _____ () C:\Windows\PFRO.log
2014-05-29 14:52 - 2014-05-29 14:52 - 00001989 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-29 14:40 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-29 14:40 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-05-29 16:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-05-29 15:42 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 14:31 - 2014-05-29 17:47 - 00001196 _____ () C:\Windows\setupact.log
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 18:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 18:59 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 18:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 18:59 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 18:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 18:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 18:59 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 18:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 18:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 18:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 18:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 18:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 18:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 18:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-19 18:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 18:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 18:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 18:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 18:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 18:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 18:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 18:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 18:51 - 2014-05-19 18:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:47 - 2014-05-19 18:47 - 00386904 _____ (Softonic ) C:\Users\******\Downloads\SoftonicDownloader_fuer_foxit-reader.exe
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-05-19 15:15 - 2014-04-11 10:39 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-19 15:15 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:14 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-05-19 15:14 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:12 - 2014-05-19 15:13 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:10 - 2014-05-19 16:11 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 15:10 - 2014-05-19 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 15:08 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 13:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 13:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 13:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 13:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 13:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 13:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 13:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 13:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 13:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 13:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-19 13:12 - 2010-05-13 09:58 - 00007484 _____ () C:\Windows\system32\athurextx.cat
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 ____R (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys

==================== One Month Modified Files and Folders =======

2014-05-29 17:51 - 2014-05-29 16:41 - 00010746 _____ () C:\Users\******\Desktop\FRST.txt
2014-05-29 17:51 - 2014-05-29 15:19 - 00000000 ____D () C:\FRST
2014-05-29 17:50 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:50 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:47 - 2014-05-29 14:31 - 00001196 _____ () C:\Windows\setupact.log
2014-05-29 17:46 - 2014-02-28 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-29 17:46 - 2014-02-28 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 17:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 17:27 - 2014-02-28 14:47 - 01132360 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 17:25 - 2014-05-29 17:24 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:24 - 2014-02-28 14:51 - 00000000 ____D () C:\Users\******
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:03 - 2014-05-29 17:02 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:59 - 2014-02-28 18:41 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00002016 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00001986 _____ () C:\Users\******\Desktop\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:52 - 2014-02-28 15:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-29 16:52 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 16:51 - 2014-02-28 15:35 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-05-29 16:50 - 2014-02-28 16:09 - 00000839 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 16:50 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:46 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 16:40 - 2014-05-29 15:20 - 00025368 _____ () C:\Users\******\Desktop\Addition.txt
2014-05-29 16:40 - 2014-05-29 15:19 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 16:36 - 2014-02-28 16:07 - 00000000 ____D () C:\Users\******\AppData\Local\Thunderbird
2014-05-29 16:31 - 2014-05-29 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 16:06 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 16:06 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 16:06 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:51 - 2014-05-29 15:50 - 00002040 _____ () C:\Users\******\Desktop\Rkill.txt
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:48 - 2014-05-29 15:48 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-05-29 15:43 - 2014-05-29 15:33 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:42 - 2014-05-29 15:42 - 00003026 _____ () C:\Users\******\Desktop\AdwCleaner[S1].txt
2014-05-29 15:42 - 2014-05-29 14:33 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 15:39 - 2014-05-29 14:54 - 00000650 _____ () C:\Windows\PFRO.log
2014-05-29 15:31 - 2014-05-29 15:31 - 01327971 _____ () C:\Users\******\Desktop\adwcleaner_3.211.exe
2014-05-29 15:12 - 2014-05-29 15:12 - 02066944 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-05-29 14:55 - 2014-02-28 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-29 14:52 - 2014-05-29 14:52 - 00001989 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-29 14:52 - 2014-02-28 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-02-28 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-29 14:44 - 2014-02-28 15:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-02-28 16:19 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 14:33 - 2014-02-28 16:19 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 14:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-20 04:44 - 2014-05-29 14:40 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-29 14:40 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-10-27 10:12 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2014-02-28 15:40 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-02-28 15:40 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-29 14:44 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 18:52 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:47 - 2014-05-19 18:47 - 00386904 _____ (Softonic ) C:\Users\******\Downloads\SoftonicDownloader_fuer_foxit-reader.exe
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:11 - 2014-05-19 15:10 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:58 - 2014-05-19 15:10 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:56 - 2014-02-28 18:41 - 00000000 ____D () C:\Users\******\AppData\Roaming\AIMP3
2014-05-19 15:56 - 2014-02-28 14:43 - 00000000 ____D () C:\Windows\Panther
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:32 - 2014-02-28 15:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:13 - 2014-05-19 15:12 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:10 - 2014-05-19 15:08 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 14:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-19 13:32 - 2014-02-28 15:35 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:24 - 2014-02-28 19:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 13:21 - 2014-02-28 19:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-15 01:49 - 2014-02-28 15:40 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-09 08:14 - 2014-05-19 13:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-19 13:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-29 17:26 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-29 17:26 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-29 17:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-29 17:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\******\AppData\Local\Temp\Foxit Updater.exe
C:\Users\******\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\******\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\******\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\******\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\******\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 13:58

==================== End Of Log ============================
--- --- ---

--- --- ---


weiter gehts mit:

Ausgabe JRT:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ****** at 2014-05-29 15:20:03
Running from C:\Users\******\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Browser Configuration Utility (HKLM-x32\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.80.00 - )
EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON PERFECTION V200 PHOTO Handbuch (HKLM-x32\...\EPSON PERFECTION V200 PHOTO Benutzerhandbuch) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.11.00 - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Foxy Security (HKLM-x32\...\Foxy Security) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{388B9059-5A66-41C5-9537-FDD8565AE011}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Restore Points  =========================

19-04-2014 19:43:07 Windows Update
19-05-2014 11:20:17 Windows Update
19-05-2014 13:08:59 Installiert WISO Steuer-Sparbuch 2014
19-05-2014 13:13:53 Installed Samsung Kies
19-05-2014 13:31:58 Removed Samsung Kies
19-05-2014 16:58:38 Windows Update
29-05-2014 12:37:49 Windows Update
29-05-2014 12:49:52 avast! antivirus system restore point
29-05-2014 12:51:48 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1EEC61A9-E197-4395-A59B-7AE3BF653C3C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {462A7822-E95C-4794-8DC2-B19277BDE2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {4B65EB41-E310-4431-8CBA-207B96C16FB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {7B85B6D5-1500-4BE4-8330-88FC47A7DF03} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-19] (AVAST Software)
Task: {D7A6FDA7-CC37-4002-B027-4C70BE1D6495} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-28] (Google Inc.)
Task: {D95672CA-3504-4D29-BF6D-6A53818CE151} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-29] (Adobe Systems Incorporated)
Task: {F8BC2DFC-3BE1-4F4E-8328-AA0B44BF3F39} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-28 15:40 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-03 11:30 - 2010-11-03 11:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
2014-02-28 15:23 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-05-19 15:09 - 2014-04-23 15:03 - 01430320 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-05-29 14:33 - 2014-05-29 14:33 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14052900\algo.dll
2014-02-28 15:23 - 2014-05-29 14:54 - 00019456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2014-02-28 15:23 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 09787184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 00035632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 00322864 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-05-19 15:09 - 2014-04-23 15:04 - 03807024 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 02703152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 02001200 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01929520 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 04321072 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-05-19 15:09 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-05-19 15:09 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-05-19 15:09 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01562928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 05154096 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01691440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01807152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01626416 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01115440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01329456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01257264 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 07326512 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01285936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-05-19 15:09 - 2014-04-23 15:03 - 01330480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2014-05-19 18:52 - 2014-05-19 18:52 - 00374272 _____ () C:\Users\******\AppData\Roaming\BupSystem\sub\default.dll
2009-07-31 22:39 - 2009-07-31 22:39 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2014-02-28 15:35 - 2014-02-28 15:35 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-28 15:23 - 2010-12-02 18:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-02-28 15:23 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-02-28 15:23 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-02-28 15:23 - 2011-02-17 12:10 - 01035776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2014-02-28 15:23 - 2010-11-19 11:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-02-28 15:24 - 2010-12-01 13:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2014-02-28 15:24 - 2011-01-06 11:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-02-28 15:23 - 2010-09-27 21:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-02-28 15:23 - 2010-09-27 21:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-02-28 15:23 - 2010-11-19 11:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-02-28 15:23 - 2010-08-06 19:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-02-28 15:23 - 2010-08-06 19:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-02-28 15:23 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
2014-02-28 15:23 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2014-04-19 22:28 - 2014-04-19 22:28 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-29 14:33 - 2014-05-29 14:33 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 02:55:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 02:41:54 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/29/2014 02:54:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (05/29/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/29/2014 02:32:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (05/29/2014 02:31:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (05/19/2014 06:59:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (05/19/2014 06:52:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "BUP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/19/2014 06:51:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Foxit Cloud Safe Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/19/2014 03:12:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (05/19/2014 02:40:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (05/19/2014 02:39:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}


Microsoft Office Sessions:
=========================
Error: (05/29/2014 02:55:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 02:41:54 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/29/2014 02:32:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/29/2014 02:32:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (05/29/2014 02:32:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4077.25 MB
Available physical RAM: 2434.75 MB
Total Pagefile: 8152.67 MB
Available Pagefile: 6190.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System-reserviert) (Fixed) (Total:515.79 GB) (Free:464.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:159.09 GB) (Free:158.96 GB) NTFS
Drive e: (Volume) (Fixed) (Total:256.63 GB) (Free:256.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BB3026DC)
Partition 1: (Active) - (Size=516 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159 GB) - (Type=05)
Partition 3: (Not Active) - (Size=257 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Die Ausgabe von GMER muss ich noch zippen und hochladen, weil sie zu groß ist und dass kriege ich jetzt nicht so schnell hin, aber ich hoffe, dass das heute noch klappt:crazy:

Santana 29.05.2014 18:42
Hier die Ausgabe von GMER als Zip-Datei im Anhang. Ich hoffe, dass das klappt; bin nicht gerade der Superuser;):crazy:

Vielen Dank schon mal im voraus für Eure Unterstützung bei der Lösung des Problems.

Es grüßt Santana

Santana 29.05.2014 19:02
Fast hätte ich das vergessen, hier ist das Ergebnis von

Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=dafdc59e5069554784c429d4f043f0c6
# engine=18459
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 03:22:23
# local_time=2014-05-29 05:22:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 8889 7786027 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6201 153006793 0 0
# scanned=163967
# found=3
# cleaned=0
# scan_time=4757
sh=B89EA0A2A74BF83394E3734F9C77A22345942043 ft=1 fh=2ce87ed2e8380392 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\++++++\Downloads\SoftonicDownloader_fuer_foxit-reader.exe"
sh=9AE45158D5CE5A4EAB834877A9B0AEAB284B7BFD ft=0 fh=0000000000000000 vn="Win32/TrojanNotifier.Small.A Trojaner" ac=I fn="H:\LwC\Users\Chefin\Downloads\FireDLL.dll.gz"
sh=C1FEF49C4D78D962BEB4E6CF060DEFCFF77DBF8D ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\SANTANA-THINK\Backup Set 2013-02-10 194514\Backup Files 2013-02-10 194514\Backup files 1.zip"

schrauber 30.05.2014 15:02
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Santana 30.05.2014 21:56
Hi Schrauber,

habe gerade erst meine E-Mails gescheckt, deshalb melde ich mich erst jetzt. Danke, dass Du mich bei dem Problem unterstützt.

Hier die Ausgabe von Combofix

Code:
Combofix Logfile:

       
Code:

       
ComboFix 14-05-29.01 - ****** 30.05.2014  22:29:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4077.1958 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-30  ))))))))))))))))))))))))))))))
.
.
2014-05-30 20:33 . 2014-05-30 20:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-30 12:30 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDB9E84A-8F27-4B71-AC5E-5873D6F2257A}\mpengine.dll
2014-05-30 12:28 . 2014-05-30 12:28        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-05-30 12:28 . 2014-05-30 12:28        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-05-30 12:27 . 2014-05-30 12:27        313256        ----a-w-        c:\windows\system32\javaws.exe
2014-05-30 12:27 . 2014-05-30 12:27        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-30 12:27 . 2014-05-30 12:27        191400        ----a-w-        c:\windows\system32\javaw.exe
2014-05-30 12:27 . 2014-05-30 12:27        190888        ----a-w-        c:\windows\system32\java.exe
2014-05-30 12:27 . 2014-05-30 12:27        --------        d-----w-        c:\program files\Java
2014-05-29 17:07 . 2014-05-29 17:07        --------        d-----w-        c:\program files (x86)\7-Zip
2014-05-29 15:26 . 2014-05-06 04:40        23544320        ----a-w-        c:\windows\system32\mshtml.dll
2014-05-29 15:26 . 2014-05-06 03:00        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2014-05-29 15:26 . 2014-05-06 04:17        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-29 15:26 . 2014-05-06 03:07        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-05-29 14:57 . 2014-05-29 14:57        --------        d-----w-        c:\program files (x86)\FileHippo.com
2014-05-29 14:52 . 2014-05-29 14:52        --------        d-sh--w-        c:\users\******\AppData\Local\EmieUserList
2014-05-29 14:52 . 2014-05-29 14:52        --------        d-sh--w-        c:\users\******\AppData\Local\EmieSiteList
2014-05-29 14:46 . 2014-05-29 14:46        --------        d-----w-        c:\users\******\AppData\Roaming\Nero
2014-05-29 14:45 . 2014-05-29 14:45        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2014-05-29 14:44 . 2014-05-29 14:45        --------        d-----w-        c:\program files (x86)\Nero
2014-05-29 14:44 . 2014-05-29 14:46        --------        d-----w-        c:\programdata\Nero
2014-05-29 13:57 . 2014-05-29 13:57        --------        d-----w-        c:\program files (x86)\ESET
2014-05-29 13:33 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-05-29 13:33 . 2014-05-29 15:56        --------        d-----w-        C:\AdwCleaner
2014-05-29 13:19 . 2014-05-29 15:52        --------        d-----w-        C:\FRST
2014-05-29 12:51 . 2014-05-29 12:51        28184        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2014-05-29 12:51 . 2014-05-29 12:51        447888        ----a-w-        c:\windows\system32\drivers\aswNdisFlt.sys
2014-05-29 12:44 . 2014-05-19 23:10        601432        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-05-29 12:37 . 2014-05-29 12:37        --------        d-----w-        C:\NVIDIA
2014-05-19 16:58 . 2014-03-06 08:59        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-05-19 16:51 . 2014-05-19 16:52        --------        d-----w-        c:\users\******\AppData\Roaming\Security Systems
2014-05-19 16:51 . 2014-05-19 16:51        --------        d-----w-        c:\users\Public\Foxit Software
2014-05-19 16:51 . 2014-05-19 16:51        --------        d-----w-        c:\users\******\AppData\Roaming\Foxit Software
2014-05-19 16:51 . 2014-05-19 16:51        --------        d-----w-        c:\program files (x86)\Foxit Software
2014-05-19 14:06 . 2014-05-19 14:06        --------        d-----w-        c:\users\******\AppData\Roaming\Buhl Data Service
2014-05-19 14:06 . 2014-05-19 14:06        --------        d-----w-        c:\users\******\AppData\Local\Buhl Data Service
2014-05-19 13:16 . 2014-05-19 13:32        --------        d-----w-        c:\users\******\AppData\Local\Samsung
2014-05-19 13:16 . 2014-05-19 13:32        --------        d-----w-        c:\users\******\AppData\Roaming\Samsung
2014-05-19 13:15 . 2014-04-11 08:39        708168        ----a-w-        c:\windows\system32\WinUSBCoInstaller.dll
2014-05-19 13:15 . 2014-04-11 08:39        1490656        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2014-05-19 13:15 . 2014-04-11 08:39        206080        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2014-05-19 13:15 . 2014-04-11 08:39        110336        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2014-05-19 13:15 . 2014-05-19 13:15        --------        d-----w-        c:\program files (x86)\MyFree Codec
2014-05-19 13:14 . 2013-12-30 08:53        144664        ----a-w-        c:\windows\SysWow64\secman.dll
2014-05-19 13:14 . 2013-12-30 08:53        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2014-05-19 13:14 . 2014-05-19 13:32        --------        d-----w-        c:\program files (x86)\Samsung
2014-05-19 13:14 . 2014-05-19 13:32        --------        d-----w-        c:\programdata\Samsung
2014-05-19 13:13 . 2014-05-19 13:13        --------        d-----w-        c:\users\******\AppData\Local\Downloaded Installations
2014-05-19 13:10 . 2014-05-19 13:58        --------        d-----w-        c:\users\******\AppData\Local\Buhl
2014-05-19 13:09 . 2014-05-19 13:09        --------        d-----w-        c:\program files (x86)\WISO
2014-05-19 13:08 . 2014-05-19 13:10        --------        d-----w-        c:\programdata\Buhl Data Service GmbH
2014-05-19 11:26 . 2014-05-19 11:26        --------        d-s---w-        c:\windows\system32\CompatTel
2014-05-19 11:18 . 2014-03-04 14:35        1885472        ----a-w-        c:\windows\system32\nvdispco6433523.dll
2014-05-19 11:18 . 2014-03-04 14:35        1516488        ----a-w-        c:\windows\system32\nvdispgenco6433523.dll
2014-05-19 11:12 . 2014-05-19 11:12        --------        d-----w-        c:\windows\Options
2014-05-19 11:12 . 2010-01-05 17:23        1847296        ----a-w-        c:\windows\system32\drivers\athurx.sys
2014-05-19 11:12 . 2010-01-05 17:23        1847296        ----a-r-        c:\windows\system32\athurx.sys
2014-05-19 11:12 . 2014-05-19 11:12        --------        d-----w-        c:\programdata\TP-LINK
2014-05-19 11:08 . 2014-05-19 11:08        --------        d-----w-        c:\users\******\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-29 12:33 . 2014-02-28 14:19        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-29 12:33 . 2014-02-28 14:19        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-20 02:44 . 2014-02-28 15:36        952952        ----a-w-        c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-02-28 15:36        3109248        ----a-w-        c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-02-28 15:36        2730208        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-02-28 15:36        18531568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-02-28 15:36        16003912        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-02-28 15:36        14434704        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-02-28 13:40        61216        ----a-w-        c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-02-28 13:40        52056        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2014-02-28 13:40        6769096        ----a-w-        c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-02-28 13:40        3514144        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-02-28 13:40        927520        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-02-28 13:40        62808        ----a-w-        c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-02-28 13:40        387528        ----a-w-        c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-02-28 13:40        2560968        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-05-19 11:32 . 2014-02-28 13:35        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-05-19 11:32 . 2014-02-28 13:35        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-05-19 11:32 . 2014-02-28 13:35        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-05-19 11:21 . 2014-02-28 17:31        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-05-14 23:49 . 2014-02-28 13:40        3774821        ----a-w-        c:\windows\system32\nvcoproc.bin
2014-04-19 19:32 . 2014-04-19 19:32        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-04-19 19:32 . 2014-02-28 13:35        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-04-19 19:32 . 2014-02-28 13:35        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-04-19 19:32 . 2014-02-28 13:35        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-04-19 19:32 . 2014-02-28 13:35        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-04-19 19:32 . 2014-02-28 13:35        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-04-19 19:31 . 2014-04-19 19:31        43152        ----a-w-        c:\windows\avastSS.scr
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-19 19:42        362496        ----a-w-        c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-19 19:42        243712        ----a-w-        c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-19 19:42        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-19 19:42        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-19 19:42        1163264        ----a-w-        c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-19 19:42        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-19 19:42        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-19 19:42        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-19 19:42        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-19 19:42        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-19 19:42        2048        ----a-w-        c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-29 3888648]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032]
"NBAgent"="c:\program files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe" [2014-05-10 2037072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20140529"="c:\program files\AVAST Software\Avast\setup\emupdate\e9f3a4f8-c6bb-4ba5-ad81-577002a5bdf5.exe" [2014-05-30 183208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-28 12:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-19 19:32        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - www.zeit.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-30  22:35:33
ComboFix-quarantined-files.txt  2014-05-30 20:35
.
Vor Suchlauf: 12 Verzeichnis(se), 494.550.089.728 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 494.230.175.744 Bytes frei
.
- - End Of File - - 997692187A8C0480039028CCEAFBD06D

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 31.05.2014 15:42
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Santana 31.05.2014 16:36
Hallo Schrauber,

auf geht's

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.05.2014
Suchlauf-Zeit: 16:50:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.31.05
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 264729
Verstrichene Zeit: 4 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [61901a3d9fdc989e40c2281c29d93ec2],
Trojan.BHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [61901a3d9fdc989e40c2281c29d93ec2],
Trojan.BHO, HKU\S-1-5-21-3492184576-273459616-3862360488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [61901a3d9fdc989e40c2281c29d93ec2],
Trojan.BHO, HKU\S-1-5-21-3492184576-273459616-3862360488-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}, In Quarantäne, [61901a3d9fdc989e40c2281c29d93ec2],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
Trojan.BHO, C:\Users\******\AppData\LocalLow\systems ie bho\bho.dll, In Quarantäne, [61901a3d9fdc989e40c2281c29d93ec2],
PUP.Optional.Softonic.A, C:\Users\******\Downloads\SoftonicDownloader_fuer_foxit-reader.exe, In Quarantäne, [35bc0c4ba5d68ea8024676ab1ee36e92],

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ****** on 31.05.2014 at 17:17:37,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3492184576-273459616-3862360488-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\3ybwinz6.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2014 at 17:22:22,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 17:11:02
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ****** - ******-PC
# Gestartet von : C:\Users\******\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3029 octets] - [29/05/2014 15:33:13]
AdwCleaner[R1].txt - [3118 octets] - [29/05/2014 15:35:33]
AdwCleaner[R2].txt - [1182 octets] - [29/05/2014 15:43:05]
AdwCleaner[R3].txt - [1171 octets] - [29/05/2014 17:55:44]
AdwCleaner[R4].txt - [1231 octets] - [31/05/2014 17:09:54]
AdwCleaner[S0].txt - [354 octets] - [29/05/2014 15:34:49]
AdwCleaner[S1].txt - [3026 octets] - [29/05/2014 15:35:51]
AdwCleaner[S2].txt - [1153 octets] - [31/05/2014 17:11:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1213 octets] ##########
und das frische FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ****** (administrator) on REGINA-PC on 31-05-2014 17:26:59
Running from C:\Users\******\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-29] (AVAST Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe [2037072 2014-05-10] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKU\S-1-5-21-3492184576-273459616-3862360488-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {33CA35C9-04D0-45af-AED5-A938D3EAE75E} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {AAE7B4C9-BB83-402c-A0E3-C282FD18D9A8} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.zeit.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\sys@foxysecurity.com [2014-05-29]
FF Extension: Ghostery - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\firefox@ghostery.com.xpi [2014-02-28]
FF Extension: DuckDuckGo Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-03-02]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-05-29]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF Extension: BetterPrivacy - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-29] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 NBService; C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe [265552 2014-05-10] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-19] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2010-05-20] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 17:26 - 2014-05-31 17:26 - 00011442 _____ () C:\Users\******\Desktop\FRST.txt
2014-05-31 17:22 - 2014-05-31 17:23 - 00001557 _____ () C:\Users\******\Desktop\JRT.txt
2014-05-31 17:17 - 2014-05-31 17:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 17:16 - 2014-05-31 17:16 - 00001293 _____ () C:\Users\******\Desktop\AdwCleaner.txt
2014-05-31 17:07 - 2014-05-31 17:08 - 00002205 _____ () C:\Users\******\Desktop\mbam.txt
2014-05-31 16:49 - 2014-05-31 17:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 16:48 - 2014-05-31 16:48 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-31 16:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 16:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 16:47 - 2014-05-31 16:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 22:35 - 2014-05-30 22:35 - 00018270 _____ () C:\ComboFix.txt
2014-05-30 22:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-30 22:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-30 22:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-30 22:28 - 2014-05-30 22:35 - 00000000 ____D () C:\Qoobox
2014-05-30 22:28 - 2014-05-30 22:34 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 22:26 - 2014-05-30 22:26 - 05203398 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-05-30 14:28 - 2014-05-30 14:28 - 22155104 _____ (Mozilla) C:\Users\******\Downloads\Thunderbird Setup 24.5.0.exe
2014-05-30 14:28 - 2014-05-30 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-30 14:27 - 2014-05-30 14:27 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\Program Files\Java
2014-05-30 14:26 - 2014-05-30 14:26 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64(1).exe
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\Desktop\defogger_reenable.zip
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\defogger_reenable.zip
2014-05-29 19:07 - 2014-05-29 19:07 - 01110476 _____ () C:\Users\******\Downloads\7z920(2).exe
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 18:56 - 2014-05-29 18:56 - 01110476 _____ () C:\Users\******\Downloads\7z920(1).exe
2014-05-29 18:44 - 2014-05-29 18:44 - 01110476 _____ () C:\Users\******\Downloads\7z920.exe
2014-05-29 18:26 - 2014-05-29 18:27 - 00289308 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-05-29 18:00 - 2014-05-29 18:00 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-05-29 17:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-29 17:26 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-29 17:26 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-29 17:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-29 17:24 - 2014-05-29 17:25 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:02 - 2014-05-29 17:03 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00002016 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00001986 _____ () C:\Users\******\Desktop\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:44 - 2014-05-29 16:46 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:50 - 2014-05-29 15:51 - 00002040 _____ () C:\Users\******\Desktop\Rkill.txt
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:48 - 2014-05-29 15:48 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-05-29 15:33 - 2014-05-31 17:11 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 15:31 - 2014-05-29 15:31 - 01327971 _____ () C:\Users\******\Desktop\adwcleaner_3.211.exe
2014-05-29 15:19 - 2014-05-31 17:26 - 00000000 ____D () C:\FRST
2014-05-29 15:19 - 2014-05-29 16:40 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 15:12 - 2014-05-29 15:12 - 02066944 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-05-29 14:54 - 2014-05-31 17:12 - 00002962 _____ () C:\Windows\PFRO.log
2014-05-29 14:52 - 2014-05-29 14:52 - 00001989 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-29 14:40 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-29 14:40 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-05-31 16:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-05-29 15:42 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 14:31 - 2014-05-31 17:14 - 00002260 _____ () C:\Windows\setupact.log
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 18:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 18:59 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 18:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 18:59 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 18:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 18:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 18:59 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 18:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 18:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 18:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 18:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 18:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 18:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 18:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-19 18:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 18:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 18:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 18:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 18:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 18:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 18:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 18:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 18:51 - 2014-05-19 18:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:15 - 2014-04-11 10:39 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-19 15:15 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:14 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-05-19 15:14 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:12 - 2014-05-19 15:13 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:10 - 2014-05-19 16:11 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 15:10 - 2014-05-19 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 15:08 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 13:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 13:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 13:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 13:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 13:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 13:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 13:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 13:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 13:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 13:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-19 13:12 - 2010-05-13 09:58 - 00007484 _____ () C:\Windows\system32\athurextx.cat
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 ____R (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys

==================== One Month Modified Files and Folders =======

2014-05-31 17:27 - 2014-05-31 17:26 - 00011442 _____ () C:\Users\******\Desktop\FRST.txt
2014-05-31 17:26 - 2014-05-29 15:19 - 00000000 ____D () C:\FRST
2014-05-31 17:23 - 2014-05-31 17:22 - 00001557 _____ () C:\Users\******\Desktop\JRT.txt
2014-05-31 17:21 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 17:21 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 17:17 - 2014-05-31 17:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 17:16 - 2014-05-31 17:16 - 00001293 _____ () C:\Users\******\Desktop\AdwCleaner.txt
2014-05-31 17:14 - 2014-05-29 14:31 - 00002260 _____ () C:\Windows\setupact.log
2014-05-31 17:12 - 2014-05-29 14:54 - 00002962 _____ () C:\Windows\PFRO.log
2014-05-31 17:12 - 2014-02-28 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 17:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 17:11 - 2014-05-29 15:33 - 00000000 ____D () C:\AdwCleaner
2014-05-31 17:11 - 2014-02-28 14:47 - 01203378 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 17:08 - 2014-05-31 17:07 - 00002205 _____ () C:\Users\******\Desktop\mbam.txt
2014-05-31 17:04 - 2014-05-31 16:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 16:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-05-31 16:48 - 2014-05-31 16:48 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 16:47 - 2014-05-31 16:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-31 16:31 - 2014-05-29 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-30 22:35 - 2014-05-30 22:35 - 00018270 _____ () C:\ComboFix.txt
2014-05-30 22:35 - 2014-05-30 22:28 - 00000000 ____D () C:\Qoobox
2014-05-30 22:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-30 22:34 - 2014-05-30 22:28 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 22:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-30 22:26 - 2014-05-30 22:26 - 05203398 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-05-30 22:22 - 2014-02-28 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-30 22:20 - 2014-02-28 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 14:28 - 2014-05-30 14:28 - 22155104 _____ (Mozilla) C:\Users\******\Downloads\Thunderbird Setup 24.5.0.exe
2014-05-30 14:28 - 2014-05-30 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-30 14:27 - 2014-05-30 14:27 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\Program Files\Java
2014-05-30 14:26 - 2014-05-30 14:26 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64(1).exe
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\Desktop\defogger_reenable.zip
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\defogger_reenable.zip
2014-05-29 19:37 - 2014-02-28 14:51 - 00000000 ____D () C:\Users\******
2014-05-29 19:07 - 2014-05-29 19:07 - 01110476 _____ () C:\Users\******\Downloads\7z920(2).exe
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 18:56 - 2014-05-29 18:56 - 01110476 _____ () C:\Users\******\Downloads\7z920(1).exe
2014-05-29 18:44 - 2014-05-29 18:44 - 01110476 _____ () C:\Users\******\Downloads\7z920.exe
2014-05-29 18:27 - 2014-05-29 18:26 - 00289308 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-05-29 18:00 - 2014-05-29 18:00 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-05-29 17:25 - 2014-05-29 17:24 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:03 - 2014-05-29 17:02 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:59 - 2014-02-28 18:41 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00002016 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00001986 _____ () C:\Users\******\Desktop\Update Checker.lnk
2014-05-29 16:57 - 2014-05-29 16:57 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:52 - 2014-02-28 15:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-29 16:52 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 16:51 - 2014-02-28 15:35 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-05-29 16:50 - 2014-02-28 16:09 - 00000839 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-29 16:50 - 2014-02-28 16:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:46 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 16:40 - 2014-05-29 15:19 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 16:36 - 2014-02-28 16:07 - 00000000 ____D () C:\Users\******\AppData\Local\Thunderbird
2014-05-29 16:06 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 16:06 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 16:06 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:51 - 2014-05-29 15:50 - 00002040 _____ () C:\Users\******\Desktop\Rkill.txt
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:48 - 2014-05-29 15:48 - 01016261 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-05-29 15:42 - 2014-05-29 14:33 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 15:31 - 2014-05-29 15:31 - 01327971 _____ () C:\Users\******\Desktop\adwcleaner_3.211.exe
2014-05-29 15:12 - 2014-05-29 15:12 - 02066944 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-05-29 14:52 - 2014-05-29 14:52 - 00001989 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-05-29 14:52 - 2014-02-28 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-02-28 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-29 14:44 - 2014-02-28 15:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-02-28 16:19 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 14:33 - 2014-02-28 16:19 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 14:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-20 04:44 - 2014-05-29 14:40 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-29 14:40 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-10-27 10:12 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2014-02-28 15:40 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-02-28 15:40 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-29 14:44 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 18:52 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:11 - 2014-05-19 15:10 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:58 - 2014-05-19 15:10 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:56 - 2014-02-28 18:41 - 00000000 ____D () C:\Users\******\AppData\Roaming\AIMP3
2014-05-19 15:56 - 2014-02-28 14:43 - 00000000 ____D () C:\Windows\Panther
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:32 - 2014-02-28 15:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:13 - 2014-05-19 15:12 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:10 - 2014-05-19 15:08 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 13:32 - 2014-02-28 15:35 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:24 - 2014-02-28 19:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 13:21 - 2014-02-28 19:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-15 01:49 - 2014-02-28 15:40 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-12 07:26 - 2014-05-31 16:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-31 16:48 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-31 16:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-19 13:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-19 13:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-29 17:26 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-29 17:26 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-29 17:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-29 17:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 15:29

==================== End Of Log ============================
--- --- ---


Bin ich schon clean;)

schrauber 01.06.2014 14:13

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Santana 01.06.2014 20:00
Hallo Schrauben ,

eset online scanner läuft schon seit über 5 Stunden und hat leider bereits 4 infizierte Dateien gefunden, alle auf meiner externen Festplatte in Backups meines Notebooks.
Soll ich weiter laufen lassen? Wenn ja, kann ich Dir die Ergebnisse erst morgen posten.

Viele Grüße Santana

schrauber 02.06.2014 18:34
Ja mach mal, dann weisste auch was auf deinen Externen abgeht.

Santana 02.06.2014 19:04
Hallo Schrauber,

hier sind die Logfiles

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=dafdc59e5069554784c429d4f043f0c6
# engine=18459
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 03:22:23
# local_time=2014-05-29 05:22:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 8889 7786027 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6201 153006793 0 0
# scanned=163967
# found=3
# cleaned=0
# scan_time=4757
sh=B89EA0A2A74BF83394E3734F9C77A22345942043 ft=1 fh=2ce87ed2e8380392 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\SoftonicDownloader_fuer_foxit-reader.exe"
sh=9AE45158D5CE5A4EAB834877A9B0AEAB284B7BFD ft=0 fh=0000000000000000 vn="Win32/TrojanNotifier.Small.A Trojaner" ac=I fn="H:\LwC\Users\Chefin\Downloads\FireDLL.dll.gz"
sh=C1FEF49C4D78D962BEB4E6CF060DEFCFF77DBF8D ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\SANTANA-THINK\Backup Set 2013-02-10 194514\Backup Files 2013-02-10 194514\Backup files 1.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=dafdc59e5069554784c429d4f043f0c6
# engine=18498
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 07:37:32
# local_time=2014-06-01 09:37:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 170200 8060536 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 90100 153281302 0 0
# scanned=166101
# found=4
# cleaned=0
# scan_time=21704
sh=9AE45158D5CE5A4EAB834877A9B0AEAB284B7BFD ft=0 fh=0000000000000000 vn="Win32/TrojanNotifier.Small.A Trojaner" ac=I fn="H:\LwC\Users\Chefin\Downloads\FireDLL.dll.gz"
sh=C1FEF49C4D78D962BEB4E6CF060DEFCFF77DBF8D ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\SANTANA-THINK\Backup Set 2013-02-10 194514\Backup Files 2013-02-10 194514\Backup files 1.zip"
sh=103F4B8CE1456B04E870BD581625480690C86C3D ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="H:\SANTANA-THINK\Backup Set 2013-02-10 194514\Backup Files 2013-02-10 194514\Backup files 24.zip"
sh=49A9F8AEE3DACEC3D6E85733A97F45A193075E41 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="H:\SANTANA-THINK\Backup Set 2013-02-10 194514\Backup Files 2013-02-10 194514\Backup files 26.zip"
Code:
Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Secunia PSI (3.0.0.9016) 
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player 13.0.0.214 
 Mozilla Firefox (29.0.1)
 Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast avastui.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by ****** (administrator) on ******-PC on 01-06-2014 21:56:01
Running from C:\Users\******\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-29] (AVAST Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBAgent.exe [2037072 2014-05-10] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKU\S-1-5-21-3492184576-273459616-3862360488-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {AAE7B4C9-BB83-402c-A0E3-C282FD18D9A8} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {33CA35C9-04D0-45af-AED5-A938D3EAE75E} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKCU - {AAE7B4C9-BB83-402c-A0E3-C282FD18D9A8} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.zeit.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\sys@foxysecurity.com [2014-05-29]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-31]
FF Extension: Ghostery - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\firefox@ghostery.com.xpi [2014-02-28]
FF Extension: DuckDuckGo Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-03-02]
FF Extension: Deutsch (DE) Language Pack - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-05-29]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-31]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF Extension: BetterPrivacy - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\3ybwinz6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-02]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-28]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-29] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NBService; C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe [265552 2014-05-10] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2010-05-20] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 21:54 - 2014-06-01 21:55 - 02067456 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-06-01 21:46 - 2014-06-01 21:46 - 00001133 _____ () C:\Users\******\Desktop\checkup.txt
2014-06-01 15:30 - 2014-06-01 15:30 - 00854367 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2014-05-31 18:28 - 2014-05-31 18:28 - 00001086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-05-31 18:28 - 2014-05-31 18:28 - 00000000 ____D () C:\Users\******\AppData\Local\Secunia PSI
2014-05-31 18:28 - 2014-05-31 18:28 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-05-31 18:26 - 2014-05-31 18:27 - 05329480 _____ (Secunia) C:\Users\******\Downloads\PSISetup_3.0.0.9016.exe
2014-05-31 18:17 - 2014-05-31 18:17 - 00448512 _____ (OldTimer Tools) C:\Users\******\Downloads\TFC.exe
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinPatrol
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-05-31 18:10 - 2014-05-31 18:10 - 01130536 _____ (BillP Studios) C:\Users\******\Downloads\wpsetup.exe
2014-05-31 18:06 - 2014-05-31 18:08 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-31 18:06 - 2014-05-31 18:07 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-31 18:06 - 2014-05-31 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-31 18:06 - 2014-05-31 18:06 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-31 18:06 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-05-31 17:26 - 2014-06-01 21:56 - 00013531 _____ () C:\Users\******\Desktop\FRST.txt
2014-05-31 17:22 - 2014-05-31 17:23 - 00001557 _____ () C:\Users\******\Desktop\JRT.txt
2014-05-31 17:17 - 2014-05-31 17:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 17:16 - 2014-05-31 17:16 - 00001293 _____ () C:\Users\******\Desktop\AdwCleaner.txt
2014-05-31 17:07 - 2014-05-31 17:08 - 00002205 _____ () C:\Users\******\Desktop\mbam.txt
2014-05-31 16:49 - 2014-06-01 15:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-31 16:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 16:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 16:47 - 2014-05-31 16:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 22:35 - 2014-05-30 22:35 - 00018270 _____ () C:\ComboFix.txt
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 22:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-30 22:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-30 22:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-30 22:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-30 22:28 - 2014-05-30 22:35 - 00000000 ____D () C:\Qoobox
2014-05-30 22:28 - 2014-05-30 22:34 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 14:28 - 2014-05-30 14:28 - 22155104 _____ (Mozilla) C:\Users\******\Downloads\Thunderbird Setup 24.5.0.exe
2014-05-30 14:28 - 2014-05-30 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-30 14:27 - 2014-05-30 14:27 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\Program Files\Java
2014-05-30 14:26 - 2014-05-30 14:26 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64(1).exe
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\defogger_reenable.zip
2014-05-29 19:07 - 2014-05-29 19:07 - 01110476 _____ () C:\Users\******\Downloads\7z920(2).exe
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 18:56 - 2014-05-29 18:56 - 01110476 _____ () C:\Users\******\Downloads\7z920(1).exe
2014-05-29 18:44 - 2014-05-29 18:44 - 01110476 _____ () C:\Users\******\Downloads\7z920.exe
2014-05-29 18:00 - 2014-05-29 18:00 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-05-29 17:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-29 17:26 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-29 17:26 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-29 17:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-29 17:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-29 17:24 - 2014-05-29 17:25 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:02 - 2014-05-29 17:03 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-31 18:31 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:44 - 2014-05-29 16:46 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:44 - 2014-05-29 16:45 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:33 - 2014-05-31 17:11 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 15:19 - 2014-06-01 21:56 - 00000000 ____D () C:\FRST
2014-05-29 15:19 - 2014-05-29 16:40 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 14:54 - 2014-06-01 15:19 - 00003774 _____ () C:\Windows\PFRO.log
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-29 14:40 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-29 14:40 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-29 14:40 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-06-01 21:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-05-29 15:42 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 14:31 - 2014-06-01 15:24 - 00004018 _____ () C:\Windows\setupact.log
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-19 18:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 18:59 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 18:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 18:59 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 18:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 18:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 18:59 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 18:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 18:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 18:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 18:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 18:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 18:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 18:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 18:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 18:58 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 18:58 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 18:58 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-19 18:58 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 18:58 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 18:58 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 18:58 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 18:58 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 18:58 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 18:58 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 18:58 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 18:58 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 18:58 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 18:58 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 18:58 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 18:58 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 18:58 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 18:58 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 18:51 - 2014-05-19 18:52 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:16 - 2014-05-19 15:32 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:15 - 2014-04-11 10:39 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-05-19 15:15 - 2014-04-11 10:39 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-19 15:15 - 2014-04-11 10:39 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:14 - 2014-05-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:14 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-05-19 15:14 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:12 - 2014-05-19 15:13 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:10 - 2014-05-19 16:11 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 15:10 - 2014-05-19 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 15:08 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 13:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 13:19 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 13:19 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 13:19 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 13:19 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 13:19 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 13:19 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 13:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 13:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 13:19 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 13:19 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 13:19 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 13:19 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 13:19 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 13:19 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-05-19 13:18 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-19 13:12 - 2010-05-13 09:58 - 00007484 _____ () C:\Windows\system32\athurextx.cat
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 ____R (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2014-05-19 13:12 - 2010-01-05 19:23 - 01847296 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys

==================== One Month Modified Files and Folders =======

2014-06-01 21:56 - 2014-05-31 17:26 - 00013531 _____ () C:\Users\******\Desktop\FRST.txt
2014-06-01 21:56 - 2014-05-29 15:19 - 00000000 ____D () C:\FRST
2014-06-01 21:56 - 2014-02-28 14:51 - 00000000 ____D () C:\Users\******\AppData\Local\Temp
2014-06-01 21:55 - 2014-06-01 21:54 - 02067456 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-06-01 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 21:46 - 2014-06-01 21:46 - 00001133 _____ () C:\Users\******\Desktop\checkup.txt
2014-06-01 21:31 - 2014-05-29 14:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 15:55 - 2014-05-31 16:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 15:30 - 2014-06-01 15:30 - 00854367 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2014-06-01 15:27 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-06-01 15:27 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-06-01 15:27 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 15:27 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 15:27 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 15:24 - 2014-05-29 14:31 - 00004018 _____ () C:\Windows\setupact.log
2014-06-01 15:19 - 2014-05-29 14:54 - 00003774 _____ () C:\Windows\PFRO.log
2014-06-01 15:19 - 2014-02-28 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-01 15:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:35 - 2014-02-28 14:47 - 01258612 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 18:31 - 2014-05-29 16:57 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-05-31 18:28 - 2014-05-31 18:28 - 00001086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-05-31 18:28 - 2014-05-31 18:28 - 00000000 ____D () C:\Users\******\AppData\Local\Secunia PSI
2014-05-31 18:28 - 2014-05-31 18:28 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-05-31 18:28 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 18:27 - 2014-05-31 18:26 - 05329480 _____ (Secunia) C:\Users\******\Downloads\PSISetup_3.0.0.9016.exe
2014-05-31 18:17 - 2014-05-31 18:17 - 00448512 _____ (OldTimer Tools) C:\Users\******\Downloads\TFC.exe
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\Users\******\AppData\Roaming\WinPatrol
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-31 18:11 - 2014-05-31 18:11 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-05-31 18:10 - 2014-05-31 18:10 - 01130536 _____ (BillP Studios) C:\Users\******\Downloads\wpsetup.exe
2014-05-31 18:08 - 2014-05-31 18:06 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-31 18:07 - 2014-05-31 18:06 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-31 18:06 - 2014-05-31 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-05-31 18:06 - 2014-05-31 18:06 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-31 17:23 - 2014-05-31 17:22 - 00001557 _____ () C:\Users\******\Desktop\JRT.txt
2014-05-31 17:17 - 2014-05-31 17:17 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 17:16 - 2014-05-31 17:16 - 00001293 _____ () C:\Users\******\Desktop\AdwCleaner.txt
2014-05-31 17:11 - 2014-05-29 15:33 - 00000000 ____D () C:\AdwCleaner
2014-05-31 17:08 - 2014-05-31 17:07 - 00002205 _____ () C:\Users\******\Desktop\mbam.txt
2014-05-31 17:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 16:48 - 2014-05-31 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 16:47 - 2014-05-31 16:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-30 22:35 - 2014-05-30 22:35 - 00018270 _____ () C:\ComboFix.txt
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-30 22:35 - 2014-05-30 22:35 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-30 22:35 - 2014-05-30 22:28 - 00000000 ____D () C:\Qoobox
2014-05-30 22:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-30 22:34 - 2014-05-30 22:28 - 00000000 ____D () C:\Windows\erdnt
2014-05-30 22:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-30 22:22 - 2014-02-28 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-30 22:20 - 2014-02-28 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 14:28 - 2014-05-30 14:28 - 22155104 _____ (Mozilla) C:\Users\******\Downloads\Thunderbird Setup 24.5.0.exe
2014-05-30 14:28 - 2014-05-30 14:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-30 14:27 - 2014-05-30 14:27 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 14:27 - 2014-05-30 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-30 14:27 - 2014-05-30 14:27 - 00000000 ____D () C:\Program Files\Java
2014-05-30 14:26 - 2014-05-30 14:26 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64(1).exe
2014-05-29 19:37 - 2014-05-29 19:37 - 00000168 _____ () C:\Users\******\defogger_reenable.zip
2014-05-29 19:37 - 2014-02-28 14:51 - 00000000 ____D () C:\Users\******
2014-05-29 19:07 - 2014-05-29 19:07 - 01110476 _____ () C:\Users\******\Downloads\7z920(2).exe
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-29 19:07 - 2014-05-29 19:07 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-29 18:56 - 2014-05-29 18:56 - 01110476 _____ () C:\Users\******\Downloads\7z920(1).exe
2014-05-29 18:44 - 2014-05-29 18:44 - 01110476 _____ () C:\Users\******\Downloads\7z920.exe
2014-05-29 18:00 - 2014-05-29 18:00 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-05-29 17:25 - 2014-05-29 17:24 - 00000474 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-05-29 17:24 - 2014-05-29 17:24 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-05-29 17:22 - 2014-05-29 17:22 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-05-29 17:04 - 2014-05-29 17:04 - 00001375 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-05-29 17:04 - 2014-05-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-05-29 17:03 - 2014-05-29 17:02 - 34131368 _____ (Oracle Corporation) C:\Users\******\Downloads\jre-8u5-windows-x64.exe
2014-05-29 17:01 - 2014-05-29 17:01 - 39187992 _____ (Foxit Corporation ) C:\Users\******\Downloads\FoxitReader620.0429_enu_Setup.exe
2014-05-29 16:59 - 2014-05-29 16:59 - 00000922 _____ () C:\Users\Public\Desktop\AIMP3.lnk
2014-05-29 16:59 - 2014-05-29 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-05-29 16:59 - 2014-02-28 18:41 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-05-29 16:58 - 2014-05-29 16:58 - 07681400 _____ (AIMP DevTeam) C:\Users\******\Downloads\aimp_3.55.1345.exe
2014-05-29 16:57 - 2014-05-29 16:57 - 00264757 _____ () C:\Users\******\Downloads\FHSetup.exe
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieUserList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieSiteList
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\pss
2014-05-29 16:52 - 2014-02-28 15:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-29 16:51 - 2014-02-28 15:35 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-05-29 16:49 - 2014-05-29 16:49 - 04748896 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup414.exe
2014-05-29 16:47 - 2014-05-29 16:47 - 00003488 _____ () C:\Windows\System32\Tasks\****** NBAgent 15 0
2014-05-29 16:47 - 2014-05-29 16:47 - 00000000 ____D () C:\Users\******\Documents\Nero BackItUp Device Backup
2014-05-29 16:46 - 2014-05-29 16:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\Nero
2014-05-29 16:46 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Nero
2014-05-29 16:45 - 2014-05-29 16:45 - 00002665 _____ () C:\Users\Public\Desktop\Nero BackItUp 2014.lnk
2014-05-29 16:45 - 2014-05-29 16:45 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-05-29 16:45 - 2014-05-29 16:44 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-05-29 16:43 - 2014-05-29 16:43 - 42441496 _____ (Nero AG) C:\Users\******\Downloads\Nero_BackItUp2014-15.0.04200_free.exe
2014-05-29 16:40 - 2014-05-29 15:19 - 00049629 _____ () C:\Users\******\Downloads\FRST.txt
2014-05-29 16:36 - 2014-02-28 16:07 - 00000000 ____D () C:\Users\******\AppData\Local\Thunderbird
2014-05-29 15:57 - 2014-05-29 15:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-29 15:55 - 2014-05-29 15:55 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2014-05-29 15:52 - 2014-05-29 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 15:50 - 2014-05-29 15:50 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\******\Downloads\rkill.com
2014-05-29 15:42 - 2014-05-29 14:33 - 00000000 ____D () C:\Users\******\Documents\Mein Steuer-Sparbuch Heute
2014-05-29 14:52 - 2014-02-28 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-29 14:51 - 2014-05-29 14:51 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-05-29 14:51 - 2014-05-29 14:51 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-05-29 14:49 - 2014-05-29 14:49 - 133421120 _____ (AVAST Software) C:\Users\******\Downloads\avast_internet_security_setup.exe
2014-05-29 14:44 - 2014-02-28 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-29 14:44 - 2014-02-28 15:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-29 14:44 - 2014-02-28 14:32 - 00000000 ____D () C:\Temp
2014-05-29 14:37 - 2014-05-29 14:37 - 00000000 ____D () C:\NVIDIA
2014-05-29 14:34 - 2014-05-29 14:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-29 14:33 - 2014-02-28 16:19 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 14:33 - 2014-02-28 16:19 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 14:31 - 2014-05-29 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 14:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-20 04:44 - 2014-05-29 14:40 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-29 14:40 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-20 04:44 - 2014-05-29 14:40 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-02-28 17:36 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-20 04:44 - 2014-02-28 15:40 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-20 04:44 - 2013-10-27 10:12 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2014-02-28 15:40 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2014-02-28 15:40 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2014-02-28 15:40 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-05-29 14:44 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 18:52 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Security Systems
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\******\AppData\Roaming\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-05-19 18:51 - 2014-05-19 18:51 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-05-19 18:31 - 2014-05-19 18:31 - 00000000 ____D () C:\Users\******\Documents\Steuer-Sparbuch
2014-05-19 18:00 - 2014-05-19 18:00 - 00000000 _____ () C:\Users\******\Sti_Trace.log
2014-05-19 16:11 - 2014-05-19 15:10 - 00000622 _____ () C:\Windows\wiso.ini
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\Buhl Data Service
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl Data Service
2014-05-19 15:58 - 2014-05-19 15:10 - 00000000 ____D () C:\Users\******\AppData\Local\Buhl
2014-05-19 15:56 - 2014-02-28 18:41 - 00000000 ____D () C:\Users\******\AppData\Roaming\AIMP3
2014-05-19 15:56 - 2014-02-28 14:43 - 00000000 ____D () C:\Windows\Panther
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Roaming\Samsung
2014-05-19 15:32 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\AppData\Local\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-19 15:32 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-19 15:32 - 2014-02-28 15:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-19 15:30 - 2014-05-19 15:30 - 04745984 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup413.exe
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-19 15:19 - 2014-05-19 15:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\******\Documents\samsung
2014-05-19 15:16 - 2014-05-19 15:16 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-19 15:15 - 2014-05-19 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-05-19 15:13 - 2014-05-19 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Downloaded Installations
2014-05-19 15:13 - 2014-05-19 15:12 - 75879368 _____ (Samsung Electronics Co., Ltd.) C:\Users\******\Downloads\KiesSetup263.exe
2014-05-19 15:10 - 2014-05-19 15:10 - 00002112 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2014.lnk
2014-05-19 15:10 - 2014-05-19 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2014
2014-05-19 15:10 - 2014-05-19 15:08 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-05-19 15:09 - 2014-05-19 15:09 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-05-19 14:54 - 2014-05-19 14:54 - 01038704 _____ (Amazon Services LLC) C:\Users\******\Downloads\WISO_Steuer_Sparbuch_2014_für_Steuerjahr_2013_Downloader.exe
2014-05-19 13:32 - 2014-02-28 15:35 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-19 13:32 - 2014-02-28 15:35 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 13:30 - 2014-02-28 14:52 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 13:26 - 2014-05-19 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 13:24 - 2014-02-28 19:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-19 13:21 - 2014-02-28 19:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\Windows\Options
2014-05-19 13:12 - 2014-05-19 13:12 - 00000000 ____D () C:\ProgramData\TP-LINK
2014-05-15 01:49 - 2014-02-28 15:40 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-12 07:26 - 2014-05-31 16:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-31 16:48 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-31 16:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-19 13:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-19 13:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-29 17:26 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-29 17:26 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-29 17:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-29 17:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-29 17:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 15:29

==================== End Of Log ============================
--- --- ---

--- --- ---


Viele Grüße Santana

schrauber 03.06.2014 18:37
Backup auf H löschen.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Santana 03.06.2014 19:59
Hallo Schrauber,

hab alles so gemacht, wie Du gesagt hast und Deine Tipps werde ich auf jeden Fall beachten. Eine Frage habe ich noch. Was ist mit den Registrierungsschlüsseleinträgen, die malwarebytes beanstandet hat? Muss da noch was unternommern werden?

Ansonsten ist soweit alles klar. Backup ist gelöscht, war sowieso nicht mehr aktuell.

Tausend Dank für Deine Zeit und Hilfe. :dankeschoen:

Viele Grüße Santana

schrauber 04.06.2014 18:32
Zitat:
Was ist mit den Registrierungsschlüsseleinträgen, die Malwarebytes beanstandet hat?
kannste löschen.

Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55