Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Firefox startet nicht mehr. (https://www.trojaner-board.de/155474-windows-7-firefox-startet-mehr.html)

Nicls 19.06.2014 23:49
Windows 7: Firefox startet nicht mehr.
 
Hallo liebe Helfer,


Firefox lässt sich nach Deinstallation und Neuinstallation nicht mehr starten. Folgende Fehlermeldung wird angezeigt:

Zitat:
Ihr Profil "Firefox" kann nicht geladen werden. Es ist möglicherweise nicht vorhanden oder ein Zugriff ist nicht möglich.
Ich habe das bereits gegooglet. Dabei bin ich auf das Problem gestoßen, dass ich nicht auf den Pfad: C:\Users\"Benutzername"\AppData\Roaming\Mozilla\Firefox zugreifen kann. Diesmal wurde folgende Fehlermeldung angezeigt:

Zitat:
Auf C:\Users\"Benutzername"\AppData\Roaming\Mozilla\Firefox kann nicht zugegriffen werden. Zugriff verweigert
Das habe ich natürlich sofort wieder gegooglet, wobei ich auf das Trojaner-board gestoßen bin.

FRST-Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Niclas (administrator) on NICLAS-PC on 20-06-2014 00:10:04
Running from C:\Users\Niclas\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-19] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-213224662-1072476941-1227045895-1000\...\Run: [RGSC] => D:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-213224662-1072476941-1227045895-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-213224662-1072476941-1227045895-1000\...\MountPoints2: {3b00f8ab-53bb-11e3-9bb9-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe
HKU\S-1-5-21-213224662-1072476941-1227045895-1001\...\MountPoints2: {3b00f8ab-53bb-11e3-9bb9-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M06BB1457-341F-4C44-9402-024D341504F1&SearchSource=55&CUI=&UM=5&UP=SP3316D1AE-4C2E-4221-8157-1D65F8AA1477&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD056B46C3EE8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-19] (AVAST Software)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [77824 2012-05-03] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-19] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-19] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-20 00:10 - 2014-06-20 00:10 - 00013510 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-20 00:09 - 2014-06-20 00:10 - 00000000 ____D () C:\FRST
2014-06-20 00:09 - 2014-06-20 00:09 - 02082304 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-20 00:09 - 2014-06-20 00:09 - 00000474 _____ () C:\Users\Niclas\Desktop\defogger_disable.log
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:03 - 2014-06-20 00:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-18 15:43 - 2014-06-18 15:43 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-18 15:40 - 2014-06-18 15:42 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-15 20:58 - 2014-06-15 21:13 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:01 - 2014-06-15 20:12 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-11 09:44 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:44 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:44 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:44 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:44 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:44 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:44 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:44 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:44 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:44 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:44 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:44 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:44 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:44 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:44 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:43 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:43 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:43 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:43 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:43 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:37 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 09:37 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:01 - 2014-06-19 23:06 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-19 23:06 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-19 23:06 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-05-27 19:00 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-27 19:00 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:23 - 2014-05-26 20:24 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:19 - 2014-05-26 20:20 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 19:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-26 19:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-26 19:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-26 19:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-26 19:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-26 19:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-26 19:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-26 19:56 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-05-26 19:56 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-05-26 19:56 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-05-26 19:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-05-26 19:56 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-05-26 19:52 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-26 19:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-26 19:52 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-05-26 19:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-05-26 19:19 - 2014-06-11 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-26 19:19 - 2014-06-11 12:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-25 21:47 - 2014-06-15 18:05 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One

==================== One Month Modified Files and Folders =======

2014-06-20 00:10 - 2014-06-20 00:10 - 00013510 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-20 00:10 - 2014-06-20 00:09 - 00000000 ____D () C:\FRST
2014-06-20 00:09 - 2014-06-20 00:09 - 02082304 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-20 00:09 - 2014-06-20 00:09 - 00000474 _____ () C:\Users\Niclas\Desktop\defogger_disable.log
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:09 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:05 - 2014-06-20 00:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-20 00:05 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\VirtualStore
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:39 - 2013-11-23 13:20 - 00000000 ____D () C:\Users\Niclas\AppData\Local\CrashDumps
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-19 23:17 - 2013-11-23 13:26 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Mozilla
2014-06-19 23:06 - 2014-06-04 15:01 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-19 23:06 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-19 23:06 - 2014-06-04 14:58 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-19 23:06 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 23:06 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 23:02 - 2013-11-22 23:18 - 01829590 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 22:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 22:59 - 2009-07-14 06:51 - 00038727 _____ () C:\Windows\setupact.log
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-18 15:43 - 2014-06-18 15:43 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-18 15:42 - 2014-06-18 15:40 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-17 13:02 - 2014-05-08 21:26 - 00000000 ____D () C:\temp
2014-06-17 13:02 - 2014-05-08 21:26 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-06-17 10:43 - 2010-11-21 08:50 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 10:43 - 2010-11-21 08:50 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 10:43 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 23:47 - 2009-07-14 06:45 - 00323288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-15 21:27 - 2013-11-23 13:01 - 00074760 _____ () C:\Users\Niclas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-15 21:13 - 2014-06-15 20:58 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:55 - 2014-01-14 22:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:12 - 2014-06-15 20:01 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 18:05 - 2014-05-25 21:47 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 14:17 - 2014-01-14 13:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 21:34 - 2014-04-17 19:00 - 00000000 ____D () C:\Windows\rescache
2014-06-11 12:32 - 2014-05-26 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 12:31 - 2014-05-26 19:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 12:30 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 14:51 - 2013-11-23 13:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-08 11:13 - 2014-06-11 09:37 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 09:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:32 - 2013-11-23 13:36 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Adobe
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-06-02 16:37 - 2014-05-08 21:25 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-30 12:21 - 2014-06-11 09:44 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:44 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:44 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:44 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:44 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:44 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:44 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:44 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:44 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:24 - 2014-05-26 20:23 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 20:00 - 2013-11-23 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-26 20:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-26 19:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-26 12:48 - 2013-11-23 18:35 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-05-21 12:43 - 2014-05-08 21:25 - 00000000 ____D () C:\Program Files\002

Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Niclas\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Niclas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgrjqp.dll
C:\Users\Niclas\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Niclas\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Niclas\AppData\Local\Temp\nsb9A07.exe
C:\Users\Niclas\AppData\Local\Temp\nsb9DFE.exe
C:\Users\Niclas\AppData\Local\Temp\nseDA7A.exe
C:\Users\Niclas\AppData\Local\Temp\nsg8E41.exe
C:\Users\Niclas\AppData\Local\Temp\nsj3911.exe
C:\Users\Niclas\AppData\Local\Temp\nsk26B6.exe
C:\Users\Niclas\AppData\Local\Temp\nsp2B1A.exe
C:\Users\Niclas\AppData\Local\Temp\nstDE32.exe
C:\Users\Niclas\AppData\Local\Temp\nsu3598.exe
C:\Users\Niclas\AppData\Local\Temp\nsw8A5A.exe
C:\Users\Niclas\AppData\Local\Temp\nsz3CCA.exe
C:\Users\Niclas\AppData\Local\Temp\nszEB50.exe
C:\Users\Niclas\AppData\Local\Temp\sp-downloader.exe
C:\Users\Niclas\AppData\Local\Temp\SPSetup.exe
C:\Users\Niclas\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 21:27

==================== End Of Log ============================
Addition-Logfile
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Niclas at 2014-06-20 00:11:36
Running from C:\Users\Niclas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

4Videosoft Blu-ray Player 6.1.20 (HKLM-x32\...\{35920572-E9B4-4607-BFB5-BFC3965BA546}_is1) (Version: 6.1.20 - 4Videosoft Studio)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{519882EC-2207-4B57-9824-2560FFD36589}) (Version: 15.4.8.2 - Broadcom Corporation)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
DriverTuner 3.5.0.1 (HKLM-x32\...\DriverTuner_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3089 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.12 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MinGW 5.0.0 (HKLM-x32\...\MinGW) (Version: 5.0.0 - MinGW)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.08 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28130 - Realtek Semiconductor Corp.)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
SciTE Text Editor (HKLM\...\{1DEB2B95-76A9-4962-A66F-57780FF0827F}) (Version: 3.3.0 - ebswift.com)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Solid Edge ST6 (HKLM-x32\...\{E7AA3093-4539-45AB-9BFC-7FD7D2D174FB}) (Version: 106.00.00100 - Siemens)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Restore Points  =========================

19-06-2014 21:26:28 Microsoft PowerPoint Viewer wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {96D927FD-6427-461B-A830-780BD87F2187} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-19] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2013-11-23 12:49 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-19 21:11 - 2014-06-19 18:13 - 02783232 _____ () C:\Program Files\AVAST Software\Avast\defs\14061901\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-23 12:47 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-11-23 13:14 - 2013-11-23 13:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-19 23:05 - 2014-06-19 23:05 - 00043008 _____ () c:\users\niclas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgrjqp.dll
2014-06-04 14:59 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Niclas\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: netfilter64
Description: netfilter64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: netfilter64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 11:39:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: aswWebRepIE.dll, Version: 9.0.2011.70, Zeitstempel: 0x52af2632
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00027a0b
ID des fehlerhaften Prozesses: 0x1598
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/19/2014 11:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2014 03:05:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (06/19/2014 03:05:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23462472


System errors:
=============
Error: (06/19/2014 10:59:37 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/19/2014 10:59:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64

Error: (06/18/2014 10:43:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64

Error: (06/18/2014 06:00:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64

Error: (06/18/2014 04:11:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64

Error: (06/18/2014 03:54:05 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (06/18/2014 03:53:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64

Error: (06/18/2014 03:45:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/17/2014 11:27:01 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/17/2014 10:36:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter64


Microsoft Office Sessions:
=========================
Error: (06/19/2014 11:39:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30aswWebRepIE.dll9.0.2011.7052af2632c000000500027a0b159801cf8c06e6844103C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\AVAST Software\Avast\aswWebRepIE.dll3d9a5cb0-f7fa-11e3-b788-3c77e626cad0

Error: (06/19/2014 11:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997

Error: (06/19/2014 09:17:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (06/19/2014 09:17:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/19/2014 03:05:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (06/19/2014 03:05:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23462472


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 16264.36 MB
Available physical RAM: 13086.39 MB
Total Pagefile: 32526.9 MB
Available Pagefile: 29263.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:5.52 GB) NTFS
Drive d: () (Fixed) (Total:882.68 GB) (Free:843.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E398F0FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=883 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer-Logfile
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-20 00:39:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e ATA_____ rev.0002 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Niclas\AppData\Local\Temp\uwdiqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                    fffff800031f0000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                    fffff800031f002f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\wininit.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\services.exe[764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\winlogon.exe[844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                              000000007783ef8d 1 byte [62]
.text    C:\Windows\System32\svchost.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                  000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[1544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                              000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                              000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                      000000007783ef8d 1 byte [62]
.text    C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe[2180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                      000000007583a2fd 1 byte [62]
.text    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[3760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          000000007583a2fd 1 byte [62]
.text    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                        0000000075c81465 2 bytes [C8, 75]
.text    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                        0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                  000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                0000000075c81465 2 bytes [C8, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        000000007783ef8d 1 byte [62]
.text    C:\Windows\System32\rundll32.exe[1084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                          000000007783ef8d 1 byte [62]
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                      000007fefda82db0 5 bytes JMP 000007fffda70180
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                  000007fefda837d0 7 bytes JMP 000007fffda700d8
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                    000007fefda88ef0 6 bytes JMP 000007fffda70148
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                000007fefda9af60 5 bytes JMP 000007fffda70110
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                000007feff9689e0 8 bytes JMP 000007fffda701f0
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                              000007feff96be40 8 bytes JMP 000007fffda701b8
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                                                      000007fef4badc88 5 bytes JMP 000007fff4b800d8
.text    C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                                                      000007fef4bade10 5 bytes JMP 000007fff4b80110
.text    C:\Windows\Explorer.EXE[148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                    000000007783ef8d 1 byte [62]
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                      000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                    0000000075c81465 2 bytes [C8, 75]
.text    C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3524] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[2732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                              000000007583a2fd 1 byte [62]
.text    C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000075c81465 2 bytes [C8, 75]
.text    C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          000000007583a2fd 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrl.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                      000000007783ef8d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            000000007783ef8d 1 byte [62]
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4336] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4552] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe[4552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Dolby PCEE4\pcee4.exe[4740] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                                                                  000000007783ef8d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                    000000007783ef8d 1 byte [62]
.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[4804] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                          000000007583a2fd 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                000000007783ef8d 1 byte [62]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[4124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                            000000007583a2fd 1 byte [62]
.text    C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3560] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3560] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3560] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\OpenOffice 4\program\swriter.exe[6996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice 4\program\soffice.exe[8032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice 4\program\soffice.bin[6472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    000000007583a2fd 1 byte [62]
.text    C:\Program Files (x86)\OpenOffice 4\program\soffice.bin[6472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000075c81465 2 bytes [C8, 75]
.text    C:\Program Files (x86)\OpenOffice 4\program\soffice.bin[6472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000075c814bb 2 bytes [C8, 75]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Users\Niclas\Downloads\Gmer-19357.exe[6156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                  000000007583a2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3560](2014-06-04 12:59:41)                                                0000000004040000
Library  c:\users\niclas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgrjqp.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3560](2014-06-19 21:05:59)  0000000003d90000
Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3560](2014-06-04 12:59:40)                                                      00000000643f0000
Library  C:\Users\Niclas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3560] (ICU Data DLL/The ICU Project)(2014-06-04 12:59:40)                        0000000063a60000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3c77e626cad0                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3c77e626cad0 (not active ControlSet)                                                                                                                       

---- EOF - GMER 2.1 ----
defogger_disable-Logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:09 on 20/06/2014 (Niclas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Vielen Dank

Nicls

schrauber 20.06.2014 05:58
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Nicls 20.06.2014 12:03
Hi Schrauber,

danke für deine Hilfe.
Ich bin deinen Anweisungen gefolgt.
Im Revo Uninstaller habe ich das Programm rrsavings nicht gefunden und habe deshalb mit Schritt 2 weitergemacht.

Hier ist der Combofix.txt:
Code:
ComboFix 14-06-19.01 - Niclas 20.06.2014  12:44:07.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.16264.13657 [GMT 2:00]
ausgeführt von:: c:\users\Niclas\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-20 bis 2014-06-20  ))))))))))))))))))))))))))))))
.
.
2014-06-20 10:51 . 2014-06-20 10:51        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-06-20 10:51 . 2014-06-20 10:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-20 10:49 . 2014-06-20 10:49        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7485A5D3-ECFA-4E33-B5FF-C3E6B145F173}\offreg.dll
2014-06-20 10:35 . 2014-06-05 10:54        10779000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7485A5D3-ECFA-4E33-B5FF-C3E6B145F173}\mpengine.dll
2014-06-20 10:24 . 2014-06-20 10:24        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-06-20 10:23 . 2014-06-20 10:23        --------        d-----w-        c:\users\Niclas\AppData\Local\Adobe
2014-06-19 22:09 . 2014-06-19 22:12        --------        d-----w-        C:\FRST
2014-06-19 21:49 . 2014-06-19 21:49        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2014-06-19 21:17 . 2014-06-19 21:17        --------        d-sh--w-        c:\users\Niclas\AppData\Local\EmieUserList
2014-06-19 21:17 . 2014-06-19 21:17        --------        d-sh--w-        c:\users\Niclas\AppData\Local\EmieSiteList
2014-06-15 18:42 . 2014-06-15 18:42        --------        d-----w-        c:\users\Niclas\AppData\Local\Apps
2014-06-15 18:20 . 2014-06-15 18:20        --------        d-----w-        c:\program files (x86)\MSECache
2014-06-14 12:17 . 2014-06-14 12:17        --------        d-----w-        c:\program files\McAfee Security Scan
2014-06-11 07:43 . 2014-04-25 02:34        801280        ----a-w-        c:\windows\system32\usp10.dll
2014-06-11 07:37 . 2014-06-08 09:13        506368        ----a-w-        c:\windows\system32\aepdu.dll
2014-06-11 07:37 . 2014-06-08 09:08        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-06-04 13:01 . 2014-06-20 10:28        --------        d-----r-        c:\users\Niclas\Dropbox
2014-06-04 12:58 . 2014-06-20 10:28        --------        d-----w-        c:\users\Niclas\AppData\Roaming\Dropbox
2014-05-27 17:00 . 2014-01-09 02:22        5694464        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-05-27 17:00 . 2014-01-03 22:44        6574592        ----a-w-        c:\windows\system32\mstscax.dll
2014-05-26 18:20 . 2014-05-26 18:20        --------        d-----w-        c:\program files (x86)\DriverTuner
2014-05-26 18:00 . 2014-05-26 18:00        --------        d-----w-        c:\windows\SysWow64\NV
2014-05-26 18:00 . 2014-05-26 18:00        --------        d-----w-        c:\windows\system32\NV
2014-05-26 17:56 . 2012-08-23 14:10        19456        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys
2014-05-26 17:56 . 2012-08-23 14:08        30208        ----a-w-        c:\windows\system32\drivers\TsUsbGD.sys
2014-05-26 17:56 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\SysWow64\rdpendp_winip.dll
2014-05-26 17:56 . 2012-08-23 14:13        243200        ----a-w-        c:\windows\system32\rdpudd.dll
2014-05-26 17:56 . 2012-08-23 10:51        228864        ----a-w-        c:\windows\system32\rdpendp_winip.dll
2014-05-26 17:52 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2014-05-26 17:52 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-05-26 17:52 . 2013-09-25 02:23        1030144        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-05-26 17:52 . 2013-09-25 01:57        792576        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-05-26 17:19 . 2014-06-11 10:32        --------        d-----w-        c:\windows\system32\MRT
2014-05-26 17:05 . 2014-05-26 17:05        --------        d-----w-        c:\users\Niclas\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 23:43 . 2013-11-23 11:35        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-19 23:43 . 2013-11-23 11:35        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-12 02:22 . 2014-05-14 21:02        155072        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 21:02        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 21:02        136192        ----a-w-        c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 21:02        29184        ----a-w-        c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 21:02        28160        ----a-w-        c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 21:02        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 21:02        31232        ----a-w-        c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 21:02        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 21:02        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 21:03        14175744        ----a-w-        c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        131248        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        131248        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        131248        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Niclas\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2012-08-31 508144]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-19 3764024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-6-4 33322976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CltMngSvc;Search Protect Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Acer\WDAgent\Ath_WlanAgent.exe;c:\program files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-19 19:55        287280        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        164016        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        164016        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        164016        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-05-28 23:44        164016        ----a-w-        c:\users\Niclas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-29 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-29 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-29 441840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-18 13427784]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M06BB1457-341F-4C44-9402-024D341504F1&SearchSource=55&CUI=&UM=5&UP=SP3316D1AE-4C2E-4221-8157-1D65F8AA1477&SSPV=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RGSC - d:\gta iv\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-LManager - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-213224662-1072476941-1227045895-1000\Software\SecuROM\License information*]
"datasecu"=hex:52,83,d5,8a,a0,d3,04,10,31,6b,85,38,18,e2,33,50,1f,b1,12,cb,4d,
  db,e1,55,04,dc,06,53,dd,d8,c5,07,84,05,09,76,4c,6f,db,ef,2e,f5,6a,d9,0c,c7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-20  12:55:17
ComboFix-quarantined-files.txt  2014-06-20 10:55
.
Vor Suchlauf: 5.368.348.672 Bytes frei
Nach Suchlauf: 6.239.141.888 Bytes frei
.
- - End Of File - - 03E22EF7A9297B2F55C3294240CCB1A0
A36C5E4F47E84449FF07ED3517B43A31
Ich hoffe ich habe soweit alles richtig gemacht.

Liebe Grüße
Nicls

schrauber 21.06.2014 09:18
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Nicls 23.06.2014 18:32
hi,
hier sind die txt-dateien:

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.06.2014
Suchlauf-Zeit: 14:32:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.21.04
Rootkit Datenbank: v2014.06.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Niclas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315734
Verstrichene Zeit: 15 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 7
PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [77a1512abebd63d336fb0f34cb3740c0],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [86925823e79464d2d3cf6f46768c629e],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rrsavings, In Quarantäne, [9b7dc5b636451b1b029e6c493bc712ee],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [0c0ccfac7a01e94dcf276c6f57ac9868],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-213224662-1072476941-1227045895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RrSavings, In Quarantäne, [0414d6a516655fd7e2c2a70eb15130d0],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-213224662-1072476941-1227045895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, In Quarantäne, [6fa9e2994932cf67d6d20ea7659dfe02],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-213224662-1072476941-1227045895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, In Quarantäne, [5abe67143d3eda5c3b6c971e887af40c],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-213224662-1072476941-1227045895-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M06BB1457-341F-4C44-9402-024D341504F1&SearchSource=55&CUI=&UM=5&UP=SP3316D1AE-4C2E-4221-8157-1D65F8AA1477&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M06BB1457-341F-4C44-9402-024D341504F1&SearchSource=55&CUI=&UM=5&UP=SP3316D1AE-4C2E-4221-8157-1D65F8AA1477&SSPV=),Ersetzt,[f820ec8fe2998aac261d90e7798bf907]

Ordner: 4
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, In Quarantäne, [f91f5e1d96e55cda8c54d3c6956d25db],
PUP.Optional.SearchProtect.A, C:\Users\Niclas\AppData\Local\SearchProtect, In Quarantäne, [49cf1665a4d785b1c57264404fb321df],
PUP.Optional.SearchProtect.A, C:\Users\Niclas\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [49cf1665a4d785b1c57264404fb321df],
PUP.Optional.SearchProtect.A, C:\Users\Niclas\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [49cf1665a4d785b1c57264404fb321df],

Dateien: 3
PUP.Optional.DownloadSponsor, C:\Users\Niclas\Downloads\OpenOffice - CHIP-Downloader.exe, In Quarantäne, [f91f25565229b08693dd80d1739133cd],
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings\uninstaller.exe, In Quarantäne, [f91f5e1d96e55cda8c54d3c6956d25db],
PUP.Optional.SearchProtect.A, C:\Users\Niclas\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [49cf1665a4d785b1c57264404fb321df],

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner:
Code:
# AdwCleaner v3.213 - Bericht erstellt am 23/06/2014 um 18:59:13
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Niclas - NICLAS-PC
# Gestartet von : C:\Users\Niclas\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Rr Savings
Ordner Gelöscht : C:\Program Files\002
Datei Gelöscht : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3566FB70-E722-4182-8266-815EAE862998}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\07BF6653227E2814286618E5EA689289
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1568 octets] - [23/06/2014 18:57:53]
AdwCleaner[S0].txt - [1439 octets] - [23/06/2014 18:59:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1499 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Niclas on 23.06.2014 at 19:05:40,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Niclas\AppData\Roaming\mozilla\firefox\profiles\o3n2neqh.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2014 at 19:23:22,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Niclas (administrator) on NICLAS-PC on 23-06-2014 19:25:38
Running from C:\Users\Niclas\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-20] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-213224662-1072476941-1227045895-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-213224662-1072476941-1227045895-1001\...\MountPoints2: {3b00f8ab-53bb-11e3-9bb9-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD056B46C3EE8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\Extensions\ich@maltegoetz.de [2014-06-20]
FF Extension: Adblock Plus - C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-20] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [77824 2012-05-03] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-20] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 19:25 - 2014-06-23 19:25 - 00000000 ____D () C:\Users\Niclas\Downloads\FRST-OlderVersion
2014-06-23 19:23 - 2014-06-23 19:23 - 00000828 _____ () C:\Users\Niclas\Desktop\JRT.txt
2014-06-23 19:05 - 2014-06-23 19:05 - 01016261 _____ (Thisisu) C:\Users\Niclas\Desktop\JRT.exe
2014-06-23 19:05 - 2014-06-23 19:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 18:57 - 2014-06-23 18:59 - 00000000 ____D () C:\AdwCleaner
2014-06-23 18:57 - 2014-06-23 18:57 - 01342659 _____ () C:\Users\Niclas\Desktop\adwcleaner_3.213.exe
2014-06-21 14:58 - 2014-06-21 14:58 - 00003784 _____ () C:\Users\Niclas\Desktop\mbam.txt
2014-06-21 14:31 - 2014-06-21 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 14:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 14:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 14:25 - 2014-06-21 14:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Niclas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-20 21:48 - 2014-06-20 21:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-20 21:48 - 2014-06-20 21:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-20 15:51 - 2014-06-20 15:52 - 00123818 _____ () C:\Users\Niclas\Downloads\Aufnahme bei Consult One.zip
2014-06-20 13:07 - 2014-06-20 13:08 - 00000000 ____D () C:\Users\Niclas\Desktop\Trojaner Board
2014-06-20 12:55 - 2014-06-20 12:55 - 00026771 _____ () C:\ComboFix.txt
2014-06-20 12:42 - 2014-06-20 12:55 - 00000000 ____D () C:\Qoobox
2014-06-20 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 12:41 - 2014-06-20 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 12:40 - 2014-06-20 12:40 - 05207168 ____R (Swearware) C:\Users\Niclas\Desktop\ComboFix.exe
2014-06-20 12:24 - 2014-06-20 12:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-20 12:23 - 2014-06-20 12:23 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-06-20 12:22 - 2014-06-20 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Niclas\Downloads\revosetup95.exe
2014-06-20 00:27 - 2014-06-20 00:28 - 00380416 _____ () C:\Users\Niclas\Downloads\Gmer-19357.exe
2014-06-20 00:11 - 2014-06-20 00:12 - 00018964 _____ () C:\Users\Niclas\Downloads\Addition.txt
2014-06-20 00:10 - 2014-06-23 19:25 - 00013211 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-20 00:09 - 2014-06-23 19:25 - 02082816 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-20 00:09 - 2014-06-23 19:25 - 00000000 ____D () C:\FRST
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:03 - 2014-06-20 00:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-18 15:43 - 2014-06-20 13:07 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-18 15:40 - 2014-06-20 15:09 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-15 20:58 - 2014-06-15 21:13 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:01 - 2014-06-15 20:12 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-11 09:44 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:44 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:44 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:44 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:44 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:44 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:44 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:44 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:44 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:44 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:44 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:44 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:44 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:44 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:44 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:43 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:43 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:43 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:43 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:43 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:37 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 09:37 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:01 - 2014-06-23 19:01 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-23 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-23 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-05-27 19:00 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-27 19:00 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:23 - 2014-05-26 20:24 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:19 - 2014-05-26 20:20 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 19:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-26 19:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-26 19:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-26 19:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-26 19:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-26 19:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-26 19:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-26 19:56 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-05-26 19:56 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-05-26 19:56 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-05-26 19:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-05-26 19:56 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-05-26 19:52 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-26 19:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-26 19:52 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-05-26 19:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-05-26 19:19 - 2014-06-11 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-26 19:19 - 2014-06-11 12:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-25 21:47 - 2014-06-15 18:05 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One

==================== One Month Modified Files and Folders =======

2014-06-23 19:26 - 2014-06-20 00:10 - 00013211 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-23 19:25 - 2014-06-23 19:25 - 00000000 ____D () C:\Users\Niclas\Downloads\FRST-OlderVersion
2014-06-23 19:25 - 2014-06-20 00:09 - 02082816 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-23 19:25 - 2014-06-20 00:09 - 00000000 ____D () C:\FRST
2014-06-23 19:23 - 2014-06-23 19:23 - 00000828 _____ () C:\Users\Niclas\Desktop\JRT.txt
2014-06-23 19:07 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 19:07 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 19:05 - 2014-06-23 19:05 - 01016261 _____ (Thisisu) C:\Users\Niclas\Desktop\JRT.exe
2014-06-23 19:05 - 2014-06-23 19:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 19:01 - 2014-06-04 15:01 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-23 19:01 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-23 19:01 - 2014-06-04 14:58 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-23 19:00 - 2010-11-21 05:47 - 00185954 _____ () C:\Windows\PFRO.log
2014-06-23 19:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 19:00 - 2009-07-14 06:51 - 00039455 _____ () C:\Windows\setupact.log
2014-06-23 18:59 - 2014-06-23 18:57 - 00000000 ____D () C:\AdwCleaner
2014-06-23 18:59 - 2013-11-22 23:18 - 01960193 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 18:57 - 2014-06-23 18:57 - 01342659 _____ () C:\Users\Niclas\Desktop\adwcleaner_3.213.exe
2014-06-21 15:36 - 2013-11-23 18:35 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-06-21 14:58 - 2014-06-21 14:58 - 00003784 _____ () C:\Users\Niclas\Desktop\mbam.txt
2014-06-21 14:52 - 2014-06-21 14:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 14:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 14:26 - 2014-06-21 14:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Niclas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-20 21:48 - 2014-06-20 21:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-20 21:48 - 2014-06-20 21:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-20 21:48 - 2014-01-19 21:55 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-20 21:48 - 2013-11-23 13:17 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-20 21:48 - 2013-11-23 13:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-20 21:48 - 2013-11-23 13:14 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-20 21:48 - 2013-11-23 13:14 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-20 15:52 - 2014-06-20 15:51 - 00123818 _____ () C:\Users\Niclas\Downloads\Aufnahme bei Consult One.zip
2014-06-20 15:09 - 2014-06-18 15:40 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-20 13:08 - 2014-06-20 13:07 - 00000000 ____D () C:\Users\Niclas\Desktop\Trojaner Board
2014-06-20 13:07 - 2014-06-18 15:43 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-20 12:55 - 2014-06-20 12:55 - 00026771 _____ () C:\ComboFix.txt
2014-06-20 12:55 - 2014-06-20 12:42 - 00000000 ____D () C:\Qoobox
2014-06-20 12:52 - 2014-06-20 12:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 12:52 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 12:40 - 2014-06-20 12:40 - 05207168 ____R (Swearware) C:\Users\Niclas\Desktop\ComboFix.exe
2014-06-20 12:24 - 2014-06-20 12:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-20 12:23 - 2014-06-20 12:23 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-06-20 12:22 - 2014-06-20 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Niclas\Downloads\revosetup95.exe
2014-06-20 12:13 - 2013-11-23 13:26 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Mozilla
2014-06-20 01:43 - 2013-11-23 13:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 01:43 - 2013-11-23 13:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 00:28 - 2014-06-20 00:27 - 00380416 _____ () C:\Users\Niclas\Downloads\Gmer-19357.exe
2014-06-20 00:12 - 2014-06-20 00:11 - 00018964 _____ () C:\Users\Niclas\Downloads\Addition.txt
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:09 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:05 - 2014-06-20 00:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-20 00:05 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\VirtualStore
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:39 - 2013-11-23 13:20 - 00000000 ____D () C:\Users\Niclas\AppData\Local\CrashDumps
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-17 13:02 - 2014-05-08 21:26 - 00000000 ____D () C:\temp
2014-06-17 10:43 - 2010-11-21 08:50 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 10:43 - 2010-11-21 08:50 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 10:43 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 23:47 - 2009-07-14 06:45 - 00323288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-15 21:27 - 2013-11-23 13:01 - 00074760 _____ () C:\Users\Niclas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-15 21:13 - 2014-06-15 20:58 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:55 - 2014-01-14 22:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:12 - 2014-06-15 20:01 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 18:05 - 2014-05-25 21:47 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 14:17 - 2014-01-14 13:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 21:34 - 2014-04-17 19:00 - 00000000 ____D () C:\Windows\rescache
2014-06-11 12:32 - 2014-05-26 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 12:31 - 2014-05-26 19:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 12:30 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 09:37 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 09:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:32 - 2013-11-23 13:36 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Adobe
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-05-30 12:21 - 2014-06-11 09:44 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:44 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:44 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:44 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:44 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:44 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:44 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:44 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:44 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:24 - 2014-05-26 20:23 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 20:00 - 2013-11-23 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-26 20:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-26 19:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq7neig.dll
C:\Users\Niclas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-20 02:30

==================== End Of Log ============================
--- --- ---

--- --- ---


Vielen Dank & Liebe Grüße

Nicls

schrauber 24.06.2014 12:29

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Nicls 24.06.2014 14:30
danke für die schnelle Antwort.
Hier die txt-dateien:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=33ea0f6ce4cb454c9fe1cf0858ef9c49
# engine=18858
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-24 01:11:38
# local_time=2014-06-24 03:11:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 321728 18413819 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12081 155245348 0 0
# scanned=149062
# found=8
# cleaned=0
# scan_time=4558
sh=8A821139287EEFFCFBD9DD1A7EFE180766DE3285 ft=0 fh=0000000000000000 vn="JS/Adware.Adpeak.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Rr Savings\bootstrap.js.vir"
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Rr Savings\SendJson.dll.vir"
sh=81FBC911F6F39943B5A508257ED317C6A388CA54 ft=1 fh=f881a71255879118 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=CC7735B51ACFC778DAFCE7B9C25798C1149059CA ft=1 fh=bdcf262ba56c13e6 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=E07AC00C609A9096EFEDCF5839D77AD91C96BD2D ft=1 fh=a44174895411af10 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3AE79DE1D9A3C56075DB1B53DF9D7880AE03A5F6 ft=1 fh=bd390a3911fc5a39 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=0F00EB8310C851AAD8AE9C7C17EF5F0D81617D3A ft=1 fh=1090c94a8e08b65e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niclas\Downloads\cbsidlm-cbsi188-SciTE-ORG-202843.exe"

Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Niclas (administrator) on NICLAS-PC on 24-06-2014 15:19:37
Running from C:\Users\Niclas\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
() C:\Users\Niclas\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-20] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-213224662-1072476941-1227045895-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Niclas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-213224662-1072476941-1227045895-1001\...\MountPoints2: {3b00f8ab-53bb-11e3-9bb9-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD056B46C3EE8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.1 - D:\VLC-Player\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\Extensions\ich@maltegoetz.de [2014-06-20]
FF Extension: Adblock Plus - C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\o3n2neqh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-20] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [77824 2012-05-03] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-20] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 15:19 - 2014-06-24 15:19 - 00013547 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-24 15:17 - 2014-06-24 15:17 - 00854367 _____ () C:\Users\Niclas\Desktop\SecurityCheck.exe
2014-06-24 13:49 - 2014-06-24 13:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-24 13:48 - 2014-06-24 13:49 - 02347384 _____ (ESET) C:\Users\Niclas\Desktop\esetsmartinstaller_deu.exe
2014-06-23 19:25 - 2014-06-23 19:25 - 00000000 ____D () C:\Users\Niclas\Downloads\FRST-OlderVersion
2014-06-23 19:05 - 2014-06-23 19:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 18:57 - 2014-06-23 18:59 - 00000000 ____D () C:\AdwCleaner
2014-06-21 14:31 - 2014-06-21 14:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 14:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 14:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 14:25 - 2014-06-21 14:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Niclas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-20 21:48 - 2014-06-20 21:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-20 21:48 - 2014-06-20 21:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-20 15:51 - 2014-06-20 15:52 - 00123818 _____ () C:\Users\Niclas\Downloads\Aufnahme bei Consult One.zip
2014-06-20 13:07 - 2014-06-23 19:32 - 00000000 ____D () C:\Users\Niclas\Desktop\Trojaner Board
2014-06-20 12:55 - 2014-06-20 12:55 - 00026771 _____ () C:\ComboFix.txt
2014-06-20 12:42 - 2014-06-20 12:55 - 00000000 ____D () C:\Qoobox
2014-06-20 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-20 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-20 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-20 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-20 12:41 - 2014-06-20 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 12:24 - 2014-06-20 12:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-20 12:23 - 2014-06-20 12:23 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-06-20 12:22 - 2014-06-20 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Niclas\Downloads\revosetup95.exe
2014-06-20 00:27 - 2014-06-20 00:28 - 00380416 _____ () C:\Users\Niclas\Downloads\Gmer-19357.exe
2014-06-20 00:11 - 2014-06-20 00:12 - 00018964 _____ () C:\Users\Niclas\Downloads\Addition.txt
2014-06-20 00:09 - 2014-06-24 15:19 - 00000000 ____D () C:\FRST
2014-06-20 00:09 - 2014-06-23 19:25 - 02082816 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:03 - 2014-06-20 00:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-18 15:43 - 2014-06-20 13:07 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-18 15:40 - 2014-06-20 15:09 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-15 20:58 - 2014-06-15 21:13 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:01 - 2014-06-15 20:12 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-11 09:44 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:44 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:44 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:44 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:44 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:44 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:44 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:44 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:44 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:44 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:44 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:44 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:44 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:44 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:44 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:44 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:44 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:44 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:44 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:44 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:44 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:44 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:44 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:44 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:44 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:44 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:44 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:44 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:44 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:44 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:44 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:44 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:44 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:43 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:43 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:43 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:43 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:43 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:43 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:43 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:37 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 09:37 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:01 - 2014-06-23 19:01 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-23 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-23 19:01 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-05-27 19:00 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-27 19:00 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:23 - 2014-05-26 20:24 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:19 - 2014-05-26 20:20 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 19:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-26 19:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-26 19:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-26 19:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-26 19:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-26 19:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-26 19:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-26 19:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-26 19:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-26 19:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-26 19:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-26 19:56 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-05-26 19:56 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-05-26 19:56 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-05-26 19:56 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-05-26 19:56 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-05-26 19:52 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-26 19:52 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-26 19:52 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-05-26 19:52 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-05-26 19:19 - 2014-06-11 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-26 19:19 - 2014-06-11 12:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-25 21:47 - 2014-06-15 18:05 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One

==================== One Month Modified Files and Folders =======

2014-06-24 15:20 - 2014-06-24 15:19 - 00013547 _____ () C:\Users\Niclas\Downloads\FRST.txt
2014-06-24 15:19 - 2014-06-20 00:09 - 00000000 ____D () C:\FRST
2014-06-24 15:17 - 2014-06-24 15:17 - 00854367 _____ () C:\Users\Niclas\Desktop\SecurityCheck.exe
2014-06-24 13:52 - 2013-11-22 23:18 - 01987334 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 13:49 - 2014-06-24 13:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-24 13:49 - 2014-06-24 13:48 - 02347384 _____ (ESET) C:\Users\Niclas\Desktop\esetsmartinstaller_deu.exe
2014-06-23 19:59 - 2009-07-14 06:51 - 00039511 _____ () C:\Windows\setupact.log
2014-06-23 19:32 - 2014-06-20 13:07 - 00000000 ____D () C:\Users\Niclas\Desktop\Trojaner Board
2014-06-23 19:25 - 2014-06-23 19:25 - 00000000 ____D () C:\Users\Niclas\Downloads\FRST-OlderVersion
2014-06-23 19:25 - 2014-06-20 00:09 - 02082816 _____ (Farbar) C:\Users\Niclas\Downloads\FRST64.exe
2014-06-23 19:07 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 19:07 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 19:05 - 2014-06-23 19:05 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 19:01 - 2014-06-04 15:01 - 00000000 ___RD () C:\Users\Niclas\Dropbox
2014-06-23 19:01 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\DropboxMaster
2014-06-23 19:01 - 2014-06-04 14:58 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Dropbox
2014-06-23 19:00 - 2010-11-21 05:47 - 00185954 _____ () C:\Windows\PFRO.log
2014-06-23 19:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 18:59 - 2014-06-23 18:57 - 00000000 ____D () C:\AdwCleaner
2014-06-21 15:36 - 2013-11-23 18:35 - 00000000 ____D () C:\Users\Niclas\AppData\Local\PMB Files
2014-06-21 14:52 - 2014-06-21 14:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 14:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 14:30 - 2014-06-21 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 14:26 - 2014-06-21 14:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Niclas\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-20 21:48 - 2014-06-20 21:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-20 21:48 - 2014-06-20 21:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-20 21:48 - 2014-01-19 21:55 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-20 21:48 - 2013-11-23 13:17 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-20 21:48 - 2013-11-23 13:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-20 21:48 - 2013-11-23 13:14 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-20 21:48 - 2013-11-23 13:14 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-20 21:48 - 2013-11-23 13:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-20 15:52 - 2014-06-20 15:51 - 00123818 _____ () C:\Users\Niclas\Downloads\Aufnahme bei Consult One.zip
2014-06-20 15:09 - 2014-06-18 15:40 - 00000000 ____D () C:\Users\Niclas\Downloads\SEPA Ref.Nr.6100319358
2014-06-20 13:07 - 2014-06-18 15:43 - 00000000 ____D () C:\Users\Niclas\Desktop\Programme
2014-06-20 12:55 - 2014-06-20 12:55 - 00026771 _____ () C:\ComboFix.txt
2014-06-20 12:55 - 2014-06-20 12:42 - 00000000 ____D () C:\Qoobox
2014-06-20 12:52 - 2014-06-20 12:41 - 00000000 ____D () C:\Windows\erdnt
2014-06-20 12:52 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-20 12:24 - 2014-06-20 12:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-20 12:23 - 2014-06-20 12:23 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Adobe
2014-06-20 12:22 - 2014-06-20 12:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Niclas\Downloads\revosetup95.exe
2014-06-20 12:13 - 2013-11-23 13:26 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Mozilla
2014-06-20 01:43 - 2013-11-23 13:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 01:43 - 2013-11-23 13:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 00:28 - 2014-06-20 00:27 - 00380416 _____ () C:\Users\Niclas\Downloads\Gmer-19357.exe
2014-06-20 00:12 - 2014-06-20 00:11 - 00018964 _____ () C:\Users\Niclas\Downloads\Addition.txt
2014-06-20 00:09 - 2014-06-20 00:09 - 00000000 _____ () C:\Users\Niclas\defogger_reenable
2014-06-20 00:09 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas
2014-06-20 00:08 - 2014-06-20 00:08 - 00050477 _____ () C:\Users\Niclas\Downloads\Defogger.exe
2014-06-20 00:06 - 2014-06-20 00:06 - 00003138 _____ () C:\Windows\System32\Tasks\{BECBBACC-41D4-401B-BC09-A0D738BC67C8}
2014-06-20 00:05 - 2014-06-20 00:05 - 00009455 _____ () C:\Users\Niclas\Downloads\hijackthis.log
2014-06-20 00:05 - 2014-06-20 00:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\Niclas\Downloads\HiJackThis204.exe
2014-06-20 00:05 - 2013-11-22 16:25 - 00000000 ____D () C:\Users\Niclas\AppData\Local\VirtualStore
2014-06-19 23:49 - 2014-06-19 23:49 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 23:48 - 2014-06-19 23:48 - 00284288 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox Setup Stub 30.0.exe
2014-06-19 23:39 - 2013-11-23 13:20 - 00000000 ____D () C:\Users\Niclas\AppData\Local\CrashDumps
2014-06-19 23:27 - 2014-06-19 23:27 - 29677544 _____ (Mozilla) C:\Users\Niclas\Downloads\Firefox_Setup_de30.0.exe
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieUserList
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 __SHD () C:\Users\Niclas\AppData\Local\EmieSiteList
2014-06-18 15:44 - 2014-06-18 15:44 - 00000000 ____D () C:\Users\Niclas\Desktop\Spiele
2014-06-17 13:02 - 2014-05-08 21:26 - 00000000 ____D () C:\temp
2014-06-17 10:43 - 2010-11-21 08:50 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 10:43 - 2010-11-21 08:50 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 10:43 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 23:47 - 2009-07-14 06:45 - 00323288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-15 21:27 - 2013-11-23 13:01 - 00074760 _____ () C:\Users\Niclas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-15 21:13 - 2014-06-15 20:58 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer.exe
2014-06-15 20:55 - 2014-01-14 22:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-15 20:42 - 2014-06-15 20:42 - 00000000 ____D () C:\Users\Niclas\AppData\Local\Apps\2.0
2014-06-15 20:20 - 2014-06-15 20:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-15 20:12 - 2014-06-15 20:01 - 63363736 _____ (Microsoft Corporation) C:\Users\Niclas\Downloads\PowerPointViewer2010.exe
2014-06-15 18:05 - 2014-05-25 21:47 - 00000000 ____D () C:\Users\Niclas\Documents\Consult One
2014-06-15 17:49 - 2014-06-15 17:49 - 00000603 _____ () C:\Users\Niclas\Desktop\WBStool8.lnk
2014-06-15 17:47 - 2014-06-15 17:47 - 00032021 _____ () C:\Users\Niclas\Downloads\Start.zip
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 14:17 - 2014-01-14 13:39 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 21:34 - 2014-04-17 19:00 - 00000000 ____D () C:\Windows\rescache
2014-06-11 12:32 - 2014-05-26 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 12:31 - 2014-05-26 19:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 12:30 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 09:37 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 09:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 15:32 - 2013-11-23 13:36 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Adobe
2014-06-04 15:01 - 2014-06-04 15:01 - 00001041 _____ () C:\Users\Niclas\Desktop\Dropbox.lnk
2014-06-04 14:59 - 2014-06-04 14:59 - 00000000 ____D () C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-04 14:58 - 2014-06-04 14:58 - 00318600 _____ (Dropbox, Inc.) C:\Users\Niclas\Downloads\DropboxInstaller.exe
2014-06-04 14:38 - 2014-06-04 14:38 - 00012623 _____ () C:\Users\Niclas\Documents\Erwartungen der Controller.odt
2014-05-30 12:21 - 2014-06-11 09:44 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:44 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:44 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:44 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:44 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:44 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:44 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:44 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:44 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 09:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 20:24 - 2014-05-26 20:24 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(2).exe
2014-05-26 20:24 - 2014-05-26 20:23 - 36830792 _____ () C:\Users\Niclas\Downloads\mp68-win-mg3200-1_02-ea32_2.exe
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:20 - 00000000 ____D () C:\Program Files (x86)\DriverTuner
2014-05-26 20:20 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup(1).exe
2014-05-26 20:19 - 2014-05-26 20:19 - 02815584 _____ (LionSea Software co., ltd ) C:\Users\Niclas\Downloads\setup.exe
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-05-26 20:00 - 2014-05-26 20:00 - 00000000 ____D () C:\Windows\system32\NV
2014-05-26 20:00 - 2013-11-23 12:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-26 20:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-26 19:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Niclas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq7neig.dll
C:\Users\Niclas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-20 02:30

==================== End Of Log ============================
--- --- ---

--- --- ---



Firefox läuft wieder ohne Probleme. Hast du vielleicht ein paar Tipps für mich wie ich meinen PC auf Dauer besser schützen kann?

Liebe Grüße

Nicls

Hätte ich die Bedrohungen die der Eset Online Scanner gefunden hat löschen sollen?

schrauber 24.06.2014 18:14
die sind schon in Quarantäne, löschen wir jetzt.

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131