Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PUP.Optional.OpenCandy gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.02.2014, 08:21   #1
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Hallo,

malewarebytes hat PUP.Optional.OpenCandy gefunden (Kategorie Folder, File).
Wie sollte ich am besten vorgehen?

malewarebytes schlägt mir bspw. vor "entferne Auswahl". Anbei das log File.
Als Antivirenprogramm habe ich avast im Einsatz was aber nichts erkannt hat.

Beste Grüße und vielen Dank schon mal im voraus!
Oliver
Angehängte Dateien
Dateityp: txt MBAM-log-2014-02-05 (09-19-34).txt (2,7 KB, 125x aufgerufen)

Alt 05.02.2014, 08:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 06.02.2014, 08:03   #3
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by oh (administrator) on XMV on 05-02-2014 09:35:15
Running from C:\Users\oh\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Connectify) C:\Program Files\Connectify\DispatchUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVM Berlin) C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2012-11-18] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [lxecmon.exe] - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation)
HKLM\...\Run: [Lexmark Pro800-Pro900 Series Fax Server] - C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe [316072 2009-10-01] ()
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-01-16] (SlySoft, Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-01-16] (AVM Berlin)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_43_Plugin.exe [840072 2014-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018caeb7-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb196-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb2b6-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {1f449296-4069-11e2-976d-60eb698d14b8} - Autoplay.exe -auto
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {276fa41a-6be1-11e2-96fb-001e101f299e} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {2a73de53-84c7-11e2-a0fe-001e101f9e5e} - F:\setup.exe
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6d6c-63d4-11e2-a3fd-18f46a77934b} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6e32-63d4-11e2-a3fd-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {8cc37f36-31b5-11e2-aeac-edee0ccccdeb} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {9e68451a-77c3-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {ca20d0c5-dda1-11e2-9c31-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC35F2E11422CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.24.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.250.40
Tcpip\..\Interfaces\{22DF3645-8170-4D31-9946-DD1134FA13FC}: [NameServer]139.7.30.125,139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\oh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firefox OS Simulator - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\r2d2b2g@mozilla.org [2013-07-14]
FF Extension: FireShot - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-29]
FF Extension: ColorZilla - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-11-18]
FF Extension: Page Speed - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013-12-02]
FF Extension: Firebug - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-18]
FF Extension: HttpFox - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-02-18]
FF Extension: MeasureIt - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-18]
FF Extension: Web Developer - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-11-18]
FF Extension: DownThemAll! - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-29]

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Wallet) - C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3729400 2012-11-20] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [701824 2010-12-03] (Acer Incorporated)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone)

==================== Drivers (Whitelisted) ====================

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2012-11-18] (Alcor Micro, Corp.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2013-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-12-13] (AVM Berlin)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2013-09-27] (Connectify)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2012-11-18] (EgisTec)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [203264 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-05] (Malwarebytes Corporation)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2012-11-20] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2012-11-20] (Acronis)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2013-01-05] (Scott)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2012-11-20] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2012-11-20] (Acronis)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 09:35 - 2014-02-05 09:35 - 00022047 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-05 09:33 - 2014-02-05 09:35 - 00000000 ____D () C:\FRST
2014-02-05 09:32 - 2014-02-05 09:32 - 01137152 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-05 08:52 - 2014-02-05 08:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-05 08:06 - 2014-02-05 08:08 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe
2014-02-04 17:51 - 2014-02-04 17:55 - 00000000 ____D () C:\Users\oh\Desktop\MNT_STAGE_REGIO
2014-02-04 17:51 - 2014-02-04 17:51 - 02034308 ____N () C:\Users\oh\Desktop\MNT_STAGE_REGIO.zip
2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe
2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps
2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps
2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps
2014-01-28 16:44 - 2014-01-28 16:47 - 00000000 ____D () C:\Users\oh\Desktop\VBG
2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe
2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation
2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-01-21 08:15 - 2014-01-21 08:32 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv
2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd
2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:17 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\Users\oh\Documents\Freemake
2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\ProgramData\Freemake
2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-01-20 08:08 - 2014-01-20 08:09 - 00000000 ____D () C:\Program Files\Freemake
2014-01-20 08:08 - 2014-01-20 08:08 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy
2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe
2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a
2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk
2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol
2014-01-19 20:58 - 2014-01-19 21:00 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi
2014-01-15 13:56 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:56 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:56 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-14 21:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-14 21:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-14 21:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-14 21:55 - 2014-01-14 21:56 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-08 18:57 - 2013-01-30 11:26 - 00203264 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00096000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00027520 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-01-08 18:56 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone
2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner
2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe
2014-01-08 07:51 - 2014-02-05 08:41 - 00110040 _____ () C:\ProgramData\lxec.log
2014-01-06 19:25 - 2014-01-06 19:25 - 10582632 _____ () C:\Users\oh\Downloads\SetupAnyDVD7400.exe
2014-01-06 19:25 - 2014-01-06 19:25 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(4).exe

==================== One Month Modified Files and Folders =======

2014-02-05 09:35 - 2014-02-05 09:35 - 00022047 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-05 09:35 - 2014-02-05 09:33 - 00000000 ____D () C:\FRST
2014-02-05 09:33 - 2012-11-18 20:23 - 01561583 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 09:32 - 2014-02-05 09:32 - 01137152 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-05 09:15 - 2013-09-04 10:38 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-05 08:52 - 2014-02-05 08:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-05 08:50 - 2012-11-18 21:30 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 08:41 - 2014-01-08 07:51 - 00110040 _____ () C:\ProgramData\lxec.log
2014-02-05 08:41 - 2009-07-14 05:39 - 00395396 _____ () C:\Windows\setupact.log
2014-02-05 08:08 - 2014-02-05 08:06 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe
2014-02-04 17:55 - 2014-02-04 17:51 - 00000000 ____D () C:\Users\oh\Desktop\MNT_STAGE_REGIO
2014-02-04 17:51 - 2014-02-04 17:51 - 02034308 ____N () C:\Users\oh\Desktop\MNT_STAGE_REGIO.zip
2014-02-04 10:17 - 2012-11-20 11:53 - 00029758 _____ () C:\ProgramData\lxecscan.log
2014-02-04 10:17 - 2012-11-18 21:30 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 10:11 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 10:11 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 10:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 11:17 - 2013-12-20 17:06 - 00000000 ____D () C:\Users\oh\AppData\Local\CrashDumps
2014-02-03 10:27 - 2012-11-18 20:31 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe
2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps
2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps
2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps
2014-01-30 13:49 - 2013-10-11 13:37 - 00000495 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-30 09:33 - 2012-11-18 22:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-30 09:33 - 2012-11-18 22:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 16:47 - 2014-01-28 16:44 - 00000000 ____D () C:\Users\oh\Desktop\VBG
2014-01-27 17:56 - 2012-11-23 13:32 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FileZilla
2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe
2014-01-27 11:24 - 2012-11-22 11:07 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer
2014-01-27 11:22 - 2013-10-22 09:09 - 00002113 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 11:22 - 2013-08-29 13:34 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 11:20 - 2014-01-02 22:36 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-27 11:20 - 2013-08-29 13:34 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-27 11:20 - 2013-08-29 13:33 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 11:20 - 2013-08-29 13:33 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 11:20 - 2013-08-29 13:32 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 11:20 - 2013-08-29 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 11:20 - 2012-11-18 20:46 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation
2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-24 10:25 - 2012-11-21 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-01-24 10:16 - 2012-11-21 21:16 - 00000000 ____D () C:\ProgramData\Apple
2014-01-22 17:02 - 2012-12-04 10:21 - 00000000 ____D () C:\Users\oh\AppData\Local\Axure
2014-01-21 08:32 - 2014-01-21 08:15 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv
2014-01-20 10:27 - 2012-11-18 21:07 - 00209464 _____ () C:\Windows\PFRO.log
2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd
2014-01-20 08:17 - 2014-01-20 08:14 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\Documents\Freemake
2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\ProgramData\Freemake
2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-01-20 08:09 - 2014-01-20 08:08 - 00000000 ____D () C:\Program Files\Freemake
2014-01-20 08:08 - 2014-01-20 08:08 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy
2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe
2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a
2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk
2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol
2014-01-19 21:00 - 2014-01-19 20:58 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi
2014-01-18 23:18 - 2012-11-20 12:04 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Skype
2014-01-18 20:34 - 2012-11-20 12:03 - 00000000 ____D () C:\ProgramData\Skype
2014-01-18 20:33 - 2013-03-29 19:51 - 00000000 ___RD () C:\Program Files\Skype
2014-01-16 17:36 - 2013-12-18 11:25 - 00001003 _____ () C:\Users\oh\Desktop\Dropbox.lnk
2014-01-16 17:36 - 2013-12-18 11:21 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 17:16 - 2013-12-13 20:33 - 00004727 _____ () C:\Windows\avmacc.log
2014-01-16 17:15 - 2012-11-18 21:24 - 00000000 ____D () C:\Users\oh\AppData\Local\Deployment
2014-01-16 17:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-16 17:00 - 2009-07-14 05:33 - 02572872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 16:41 - 2012-11-18 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 16:41 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-01-16 16:32 - 2013-08-16 07:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 16:29 - 2012-11-21 13:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 21:56 - 2014-01-14 21:55 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-14 21:56 - 2013-10-24 11:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-14 21:56 - 2012-11-18 22:07 - 00000000 ____D () C:\Program Files\Java
2014-01-10 09:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-08 18:58 - 2013-01-21 16:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-01-08 18:58 - 2012-11-18 21:10 - 00117960 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 18:57 - 2013-01-21 16:12 - 00000000 ____D () C:\ProgramData\Vodafone
2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone
2014-01-08 18:55 - 2012-11-20 11:44 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner
2014-01-08 10:51 - 2013-09-27 15:24 - 00000000 ____D () C:\Program Files\Connectify
2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-01-08 10:50 - 2013-09-27 15:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe
2014-01-07 10:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-07 09:41 - 2013-02-03 12:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\XnView
2014-01-06 19:25 - 2014-01-06 19:25 - 10582632 _____ () C:\Users\oh\Downloads\SetupAnyDVD7400.exe
2014-01-06 19:25 - 2014-01-06 19:25 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(4).exe

Some content of TEMP:
====================
C:\Users\oh\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe
C:\Users\oh\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\ose00000.exe
C:\Users\oh\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\oh\AppData\Local\Temp\proxy_vole914123878496386481.dll
C:\Users\oh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\oh\AppData\Local\Temp\SpOrder.dll
C:\Users\oh\AppData\Local\Temp\ydetect.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 16:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by oh at 2014-02-05 09:36:17
Running from C:\Users\oh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

7-Zip 9.20 (Version:  - )
Acer Crystal Eye webcam (Version: 1.0.3.0 - Liteon)
Acer PowerSmart Manager (Version: 5.02.3006 - Acer Incorporated)
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (Version: 1.7.17.06011 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.7.17.06011 - Alcor Micro Corp.) Hidden
AnyDVD (Version: 7.4.1.0 - SlySoft)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ARIS EXPRESS (Version: 2.4 - Software AG)
Ashampoo Burning Studio 2012 CBE v.11.0.4 (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
avast! Internet Security (Version: 9.0.2013 - Avast Software)
Axure RP Pro 6.5 (Version: 6.5.0.3047 - Axure Software Solutions, Inc.)
Axure RP Pro 6.5 (Version: 6.5.0.3047 - Axure Software Solutions, Inc.) Hidden
Axure RP Pro 7.0 Beta (Version: 7.0.0.3126 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 Beta (Version: 7.0.0.3126 - Axure Software Solutions, Inc.) Hidden
BitNami WordPress-Modul (Version: 3.6-0 - BitNami)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation)
Brother HL-5270DN (Version: 1.00 - Brother)
CDBurnerXP (Version: 4.4.2.3442 - CDBurnerXP)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
CloneDVD2 (Version: 2.9.3.0 - Elaborate Bytes)
CloneDVDmobile (Version: 1.9.0.1 - SlySoft)
Conexant HD Audio (Version: 4.121.0.50 - Conexant)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Connectify (Version: 7.2.1.29658 - Connectify)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
FaxRedist (Version: 1.0.0 -  )
FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
Freemake Audio Converter Version 1.1.0 (Version: 1.1.0 - Ellora Assets Corporation)
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.2.0 - AVM Berlin)
GanttProject (Version:  - )
GMX ProfiFax (Version: 2.00.222 - GMX GmbH)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lexmark Pro800-Pro900 Series (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MyFonts Order M4010014 (Version: 1.0 - MyFonts.com, Inc.)
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
OpenProj (Version: 1.4.0 - Serena Software Inc.)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.7.0 (Version:  - PDF24.org)
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
ProjectLibre (Version: 1.5.13.0 - ProjectLibre)
PSPad editor (Version:  - Jan Fiala)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Safari (Version: 5.34.57.2 - Apple Inc.)
Samsung SCX-4200 Series (Version:  - Samsung Electronics CO.,LTD)
Samsung Universal Print Driver (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH)
Skype™ 6.9 (Version: 6.9.106 - Skype Technologies S.A.)
Snagit 11 (Version: 11.2.1 - TechSmith Corporation)
Sparkol VideoScribe (Version: 1.3.26 - Sparkol)
Sparkol VideoScribe (Version: 1.3.26 - Sparkol) Hidden
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 8 (Version: 8.0.16642 - TeamViewer)
True Image 2013 (Version: 16.0.5551 - Acronis) Hidden
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
VirtualCloneDrive (Version:  - Elaborate Bytes)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
Vodafone Mobile Broadband (Version: 10.3.401.43721 - Vodafone)
Wondershare PDF Converter Pro (Build 4.0.1) (Version: 4.0.1 - Wondershare Software)
XAMPP (Version: 1.8.2-1 - BitNami)
XING Outlook Connector (Version: 2.1.0 - XING)
XMind (Version: 3.3.0 - XMind Ltd.)
XMind 2012 (v3.3.1) (Version: 3.3.1.201212250029 - XMind Ltd.)
XnView 1.99.6 (Version: 1.99.6 - Gougelet Pierre-e)
Yahoo! Detect (Version:  - )

==================== Restore Points  =========================

31-01-2014 08:42:25 Windows Update
04-02-2014 07:59:00 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2012-12-07 14:29 - 00001758 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
127.0.0.1 ereg.adobe.com 
127.0.0.1 activate.wip3.adobe.com 
127.0.0.1 wip3.adobe.com 
127.0.0.1 3dns-3.adobe.com 
127.0.0.1 3dns-2.adobe.com 
127.0.0.1 adobe-dns.adobe.com 
127.0.0.1 adobe-dns-2.adobe.com 
127.0.0.1 adobe-dns-3.adobe.com 
127.0.0.1 ereg.wip3.adobe.com 
127.0.0.1 activate-sea.adobe.com 
127.0.0.1 wwis-dubc1-vip60.adobe.com 
127.0.0.1 activate-sjc0.adobe.com 


==================== Scheduled Tasks (whitelisted) =============

Task: {1CB7A8C5-FDC5-4805-8AA0-41651B4EB0BE} - System32\Tasks\xingoscupdate => C:\Program Files\XING\XING Outlook Connector\xingoscupdate.exe [2013-07-01] (XING)
Task: {31C92E68-D275-433D-874C-10C4F8C4E50B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {90B1856F-F4CA-4A83-B663-6CE77F5B99CA} - System32\Tasks\Xing Social Recommendations => C:\Program Files\XING\XING Outlook Connector\XingSocial.exe [2013-07-01] (XING AG)
Task: {CD3586D1-B684-4D8A-86F4-919758B0E2A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-27] (AVAST Software)
Task: {EE6875CB-8805-4EF6-9576-CEF87AA480EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.)
Task: {EE8FEDBA-C68D-43FF-9E77-6EE29C977BB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-08-23 01:12 - 2012-08-23 01:12 - 00019840 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2012-11-26 16:00 - 2009-11-16 20:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2012-11-20 11:51 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
2012-11-20 11:52 - 2009-05-27 07:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxecdatr.dll
2012-11-20 11:51 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2012-11-20 11:51 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2012-11-20 11:50 - 2009-02-20 03:48 - 00299008 _____ () C:\Windows\system32\lxecsm.dll
2012-11-20 11:50 - 2009-04-28 02:56 - 00024064 _____ () C:\Windows\system32\lxecsmr.dll
2012-11-20 11:51 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2012-11-20 11:51 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
2012-11-20 11:51 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL
2012-11-20 11:51 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2012-11-20 11:51 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2012-11-20 11:51 - 2009-06-23 06:09 - 02203648 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2012-11-20 11:51 - 2009-06-23 06:10 - 00045056 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
2012-11-20 11:51 - 2009-06-23 06:11 - 00102400 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2012-11-20 11:51 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
2012-11-20 11:51 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
2012-08-23 03:35 - 2012-08-23 03:35 - 13873200 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll
2012-08-23 03:31 - 2012-08-23 03:31 - 01590656 _____ () C:\Program Files\Common Files\Acronis\Home\icudt38.dll
2012-07-24 14:48 - 2012-07-24 14:48 - 00012160 _____ () C:\Program Files\Common Files\Acronis\TibMounter\icudt38.dll
2014-01-08 10:49 - 2013-12-23 19:59 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2013-10-22 09:09 - 2013-10-22 09:09 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\oh\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-12-20 10:23 - 2013-12-20 10:23 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Apple Mobile Device Ethernet
Description: Apple Mobile Device Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Apple
Service: Netaapl
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45401595

Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45401595

Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45400347

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45400347

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45399224

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45399224

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45397913


System errors:
=============
Error: (02/04/2014 06:36:32 PM) (Source: ipnathlp) (User: )
Description: 192.168.185.1192.168.173.0255.255.255.0

Error: (02/04/2014 10:03:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/04/2014 10:03:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (02/04/2014 10:03:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/04/2014 08:05:51 AM) (Source: ipnathlp) (User: )
Description: 192.168.185.1192.168.173.0255.255.255.0

Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error: (02/03/2014 10:50:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2014 10:24:14 AM) (Source: ipnathlp) (User: )
Description: 192.168.185.1192.168.173.0255.255.255.0

Error: (02/03/2014 10:24:04 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45401595

Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45401595

Error: (02/05/2014 07:38:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45400347

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45400347

Error: (02/05/2014 07:38:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45399224

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45399224

Error: (02/05/2014 07:38:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 07:38:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45397913


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 2356.4 MB
Available physical RAM: 519.04 MB
Total Pagefile: 4711.09 MB
Available Pagefile: 2070.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:10.92 GB) NTFS
Drive d: () (Fixed) (Total:187.33 GB) (Free:24.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Guten Morgen,

ich wollte nachfragen ob ich mit "Farbar" die Aktion "Fix" durchführen oder noch auf Feedback von dir warten soll.

Danke schön und beste Grüße,
Oliver
__________________

Alt 07.02.2014, 06:58   #4
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Da wird nur gefixt wenn ich es sage


Funde von MBAM löschen lassen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.02.2014, 11:43   #5
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Hallo Schrauber,

hier die logfiles. Ich hab nix anderes gemacht als du gesagt hast ;-)

VG, Oliver

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by oh on 07.02.2014 at 11:23:03,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\oh\AppData\Roaming\mozilla\firefox\profiles\buoobwx4.default\minidumps [82 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2014 at 11:31:07,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
oh :: XMV [Administrator]

Schutz: Aktiviert

05.02.2014 08:53:17
MBAM-log-2014-02-05 (09-19-34).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 168188
Laufzeit: 5 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\A41F32C5886B4FD5A89B964F56DDB085 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\Users\oh\AppData\Roaming\OpenCandy\A41F32C5886B4FD5A89B964F56DDB085\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
         
und hier noch das neue FRST logfile.




FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by oh (administrator) on XMV on 07-02-2014 12:41:14
Running from C:\Users\oh\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
( ) C:\Windows\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Connectify) C:\Program Files\Connectify\DispatchUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVM Berlin) C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Prog-Soft s.r.o.) C:\Program Files\PSPad editor\PSPad.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.)
HKLM\...\Run: [AmIcoSinglun] - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2012-11-18] (Alcor Micro Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [lxecmon.exe] - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis)
HKLM\...\Run: [AcronisTibMounterMonitor] - C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation)
HKLM\...\Run: [Lexmark Pro800-Pro900 Series Fax Server] - C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe [316072 2009-10-01] ()
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-01-23] (SlySoft, Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [AVMUSBFernanschluss] - C:\Users\oh\AppData\Local\Apps\2.0\M5XZ7ERZ.PXA\3ARY5QEL.W1V\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-01-16] (AVM Berlin)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: F - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018caeb7-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb196-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {018cb2b6-7886-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {1f449296-4069-11e2-976d-60eb698d14b8} - Autoplay.exe -auto
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {276fa41a-6be1-11e2-96fb-001e101f299e} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {2a73de53-84c7-11e2-a0fe-001e101f9e5e} - F:\setup.exe
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6d6c-63d4-11e2-a3fd-18f46a77934b} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {5fbd6e32-63d4-11e2-a3fd-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {8cc37f36-31b5-11e2-aeac-edee0ccccdeb} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {9e68451a-77c3-11e3-a390-60eb698d14b8} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...\MountPoints2: {ca20d0c5-dda1-11e2-9c31-60eb698d14b8} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2801114736-939692857-340290277-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC35F2E11422CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.24.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.250.40
Tcpip\..\Interfaces\{22DF3645-8170-4D31-9946-DD1134FA13FC}: [NameServer]139.7.30.125,139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\oh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firefox OS Simulator - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\r2d2b2g@mozilla.org [2014-02-07]
FF Extension: FireShot - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-29]
FF Extension: ColorZilla - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012-11-18]
FF Extension: Page Speed - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013-12-02]
FF Extension: Automatic window resizer - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\autoresize@addiks.de.xpi [2014-02-05]
FF Extension: Firebug - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-18]
FF Extension: HttpFox - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2013-02-18]
FF Extension: MeasureIt - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012-11-18]
FF Extension: Web Developer - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-11-18]
FF Extension: DownThemAll! - C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\buoobwx4.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-29]

Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Wallet) - C:\Users\oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3729400 2012-11-20] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [701824 2010-12-03] (Acer Incorporated)
S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone)

==================== Drivers (Whitelisted) ====================

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2012-11-18] (Alcor Micro, Corp.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2013-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-12-13] (AVM Berlin)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2013-09-27] (Connectify)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2012-11-18] (EgisTec)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [203264 2013-01-30] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2012-11-20] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2012-11-20] (Acronis)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [13824 2013-01-05] (Scott)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2012-11-20] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2012-11-20] (Acronis)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 12:40 - 2014-02-07 12:40 - 00000000 ____D () C:\Users\oh\Downloads\FRST-OlderVersion
2014-02-07 11:31 - 2014-02-07 11:31 - 00000747 _____ () C:\Users\oh\Desktop\JRT.txt
2014-02-07 11:22 - 2014-02-07 11:22 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 11:10 - 2014-02-07 11:10 - 01037530 _____ (Thisisu) C:\Users\oh\Desktop\JRT.exe
2014-02-07 10:45 - 2014-02-07 10:45 - 00000355 _____ () C:\Users\oh\Desktop\todlebo-businessplan.txt
2014-02-07 10:44 - 2014-02-07 11:11 - 00000000 ____D () C:\AdwCleaner
2014-02-07 10:43 - 2014-02-07 10:43 - 01166132 _____ () C:\Users\oh\Desktop\adwcleaner.exe
2014-02-06 11:00 - 2014-02-06 11:00 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(2).exe
2014-02-05 09:36 - 2014-02-05 09:37 - 00025973 _____ () C:\Users\oh\Downloads\Addition.txt
2014-02-05 09:35 - 2014-02-07 12:41 - 00022025 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-05 09:33 - 2014-02-07 12:41 - 00000000 ____D () C:\FRST
2014-02-05 09:32 - 2014-02-07 12:40 - 01136640 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-05 08:06 - 2014-02-05 08:08 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe
2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe
2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps
2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps
2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps
2014-01-28 16:44 - 2014-01-28 16:47 - 00000000 ____D () C:\Users\oh\Desktop\VBG
2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe
2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation
2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-24 10:25 - 2014-01-24 10:26 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-01-21 08:15 - 2014-01-21 08:32 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv
2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd
2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:17 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\Users\oh\Documents\Freemake
2014-01-20 08:09 - 2014-01-20 08:10 - 00000000 ____D () C:\ProgramData\Freemake
2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-01-20 08:08 - 2014-01-20 08:09 - 00000000 ____D () C:\Program Files\Freemake
2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe
2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a
2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk
2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol
2014-01-19 20:58 - 2014-01-19 21:00 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi
2014-01-15 13:56 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 13:56 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 13:56 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 13:56 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 21:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-14 21:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-14 21:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-14 21:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-14 21:55 - 2014-01-14 21:56 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-08 18:57 - 2013-01-30 11:26 - 00203264 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00096000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00027520 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-01-08 18:57 - 2013-01-30 11:26 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-01-08 18:56 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone
2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner
2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe
2014-01-08 07:51 - 2014-02-05 08:41 - 00110040 _____ () C:\ProgramData\lxec.log

==================== One Month Modified Files and Folders =======

2014-02-07 12:41 - 2014-02-05 09:35 - 00022025 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-07 12:41 - 2014-02-05 09:33 - 00000000 ____D () C:\FRST
2014-02-07 12:40 - 2014-02-07 12:40 - 00000000 ____D () C:\Users\oh\Downloads\FRST-OlderVersion
2014-02-07 12:40 - 2014-02-05 09:32 - 01136640 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-07 11:56 - 2012-11-18 20:23 - 01711261 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 11:50 - 2012-11-18 21:30 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 11:40 - 2013-09-04 10:38 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-07 11:32 - 2012-11-18 20:31 - 01648454 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 11:31 - 2014-02-07 11:31 - 00000747 _____ () C:\Users\oh\Desktop\JRT.txt
2014-02-07 11:22 - 2014-02-07 11:22 - 00000000 ____D () C:\Windows\ERUNT
2014-02-07 11:21 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 11:21 - 2009-07-14 05:34 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 11:15 - 2012-11-20 11:53 - 00029868 _____ () C:\ProgramData\lxecscan.log
2014-02-07 11:15 - 2012-11-18 21:30 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 11:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 11:13 - 2009-07-14 05:39 - 00397916 _____ () C:\Windows\setupact.log
2014-02-07 11:11 - 2014-02-07 10:44 - 00000000 ____D () C:\AdwCleaner
2014-02-07 11:10 - 2014-02-07 11:10 - 01037530 _____ (Thisisu) C:\Users\oh\Desktop\JRT.exe
2014-02-07 10:45 - 2014-02-07 10:45 - 00000355 _____ () C:\Users\oh\Desktop\todlebo-businessplan.txt
2014-02-07 10:43 - 2014-02-07 10:43 - 01166132 _____ () C:\Users\oh\Desktop\adwcleaner.exe
2014-02-06 11:00 - 2014-02-06 11:00 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(2).exe
2014-02-05 09:37 - 2014-02-05 09:36 - 00025973 _____ () C:\Users\oh\Downloads\Addition.txt
2014-02-05 08:41 - 2014-01-08 07:51 - 00110040 _____ () C:\ProgramData\lxec.log
2014-02-05 08:08 - 2014-02-05 08:06 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420(1).exe
2014-02-03 11:17 - 2013-12-20 17:06 - 00000000 ____D () C:\Users\oh\AppData\Local\CrashDumps
2014-02-01 20:34 - 2014-02-01 20:34 - 10630080 _____ () C:\Users\oh\Downloads\SetupAnyDVD7420.exe
2014-02-01 00:25 - 2014-02-01 00:25 - 02418886 _____ () C:\Users\oh\Downloads\shutterstock_173367836.eps
2014-01-31 23:58 - 2014-01-31 23:58 - 00706815 _____ () C:\Users\oh\Downloads\shutterstock_173313854.eps
2014-01-31 23:47 - 2014-01-31 23:47 - 00309014 _____ () C:\Users\oh\Downloads\shutterstock_173929187.eps
2014-01-30 13:49 - 2013-10-11 13:37 - 00000495 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-30 09:33 - 2012-11-18 22:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-30 09:33 - 2012-11-18 22:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 16:47 - 2014-01-28 16:44 - 00000000 ____D () C:\Users\oh\Desktop\VBG
2014-01-27 17:56 - 2012-11-23 13:32 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FileZilla
2014-01-27 13:21 - 2014-01-27 13:21 - 01069512 _____ (Solid State Networks) C:\Users\oh\Downloads\install_flashplayer12x32au_mssd_aaa_aih.exe
2014-01-27 11:24 - 2012-11-22 11:07 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer
2014-01-27 11:22 - 2013-10-22 09:09 - 00002113 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-27 11:22 - 2013-08-29 13:34 - 00002053 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-27 11:20 - 2014-01-02 22:36 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-27 11:20 - 2013-08-29 13:34 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-27 11:20 - 2013-08-29 13:33 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 11:20 - 2013-08-29 13:33 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 11:20 - 2013-08-29 13:32 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-27 11:20 - 2013-08-29 13:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 11:20 - 2012-11-18 20:46 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 08:08 - 2014-01-27 08:08 - 00000000 ____D () C:\Users\oh\Desktop\Whiteboard Animation
2014-01-24 10:26 - 2014-01-24 10:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-24 10:26 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iTunes
2014-01-24 10:25 - 2014-01-24 10:25 - 00000000 ____D () C:\Program Files\iPod
2014-01-24 10:25 - 2012-11-21 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-24 10:18 - 2014-01-24 10:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-01-24 10:16 - 2012-11-21 21:16 - 00000000 ____D () C:\ProgramData\Apple
2014-01-22 17:02 - 2012-12-04 10:21 - 00000000 ____D () C:\Users\oh\AppData\Local\Axure
2014-01-21 08:32 - 2014-01-21 08:15 - 00000139 _____ () C:\Users\oh\Downloads\domainliste.csv
2014-01-20 10:27 - 2012-11-18 21:07 - 00209464 _____ () C:\Windows\PFRO.log
2014-01-20 10:24 - 2014-01-20 10:24 - 31804272 _____ () C:\Users\oh\Desktop\D-GWS-Grafiken.psd
2014-01-20 08:17 - 2014-01-20 08:14 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-01-20 08:16 - 2014-01-20 08:16 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-01-20 08:14 - 2014-01-20 08:14 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\Documents\Freemake
2014-01-20 08:10 - 2014-01-20 08:09 - 00000000 ____D () C:\ProgramData\Freemake
2014-01-20 08:09 - 2014-01-20 08:09 - 00001278 _____ () C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2014-01-20 08:09 - 2014-01-20 08:09 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-01-20 08:09 - 2014-01-20 08:08 - 00000000 ____D () C:\Program Files\Freemake
2014-01-20 08:06 - 2014-01-20 08:06 - 01300416 _____ (Ellora Assets Corporation ) C:\Users\oh\Downloads\FreemakeAudioConverterSetup.exe
2014-01-20 08:03 - 2014-01-20 08:03 - 00051134 _____ () C:\Users\oh\Desktop\aufnahme4.m4a
2014-01-19 21:09 - 2014-01-19 21:09 - 00001184 _____ () C:\Users\Public\Desktop\VideoScribe Desktop.lnk
2014-01-19 21:09 - 2014-01-19 21:09 - 00000000 ____D () C:\Program Files\Sparkol
2014-01-19 21:00 - 2014-01-19 20:58 - 27679232 _____ () C:\Users\oh\Downloads\VideoScribe.msi
2014-01-18 23:18 - 2012-11-20 12:04 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Skype
2014-01-18 20:34 - 2012-11-20 12:03 - 00000000 ____D () C:\ProgramData\Skype
2014-01-18 20:33 - 2013-03-29 19:51 - 00000000 ___RD () C:\Program Files\Skype
2014-01-16 17:36 - 2013-12-18 11:25 - 00001003 _____ () C:\Users\oh\Desktop\Dropbox.lnk
2014-01-16 17:36 - 2013-12-18 11:21 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 17:16 - 2013-12-13 20:33 - 00004727 _____ () C:\Windows\avmacc.log
2014-01-16 17:15 - 2012-11-18 21:24 - 00000000 ____D () C:\Users\oh\AppData\Local\Deployment
2014-01-16 17:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-16 17:00 - 2009-07-14 05:33 - 02572872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 16:41 - 2012-11-18 22:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 16:41 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-01-16 16:32 - 2013-08-16 07:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 16:29 - 2012-11-21 13:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 21:56 - 2014-01-14 21:55 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-14 21:56 - 2013-10-24 11:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-14 21:56 - 2012-11-18 22:07 - 00000000 ____D () C:\Program Files\Java
2014-01-10 09:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-01-08 19:02 - 2014-01-08 19:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2014-01-08 18:58 - 2014-01-08 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2014-01-08 18:58 - 2013-01-21 16:12 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-01-08 18:58 - 2012-11-18 21:10 - 00117960 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 18:57 - 2013-01-21 16:12 - 00000000 ____D () C:\ProgramData\Vodafone
2014-01-08 18:56 - 2014-01-08 18:56 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-01-08 18:56 - 2014-01-08 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\ProgramData\Macrovision
2014-01-08 18:55 - 2014-01-08 18:55 - 00000000 ____D () C:\Program Files\Vodafone
2014-01-08 18:55 - 2012-11-20 11:44 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-01-08 17:11 - 2014-01-08 17:11 - 00000000 ____D () C:\Users\oh\Desktop\Neuer Ordner
2014-01-08 10:51 - 2013-09-27 15:24 - 00000000 ____D () C:\Program Files\Connectify
2014-01-08 10:50 - 2014-01-08 10:50 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-01-08 10:50 - 2013-09-27 15:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-01-08 10:33 - 2014-01-08 10:33 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller(5).exe

Some content of TEMP:
====================
C:\Users\oh\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.49.exe
C:\Users\oh\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\oh\AppData\Local\Temp\ose00000.exe
C:\Users\oh\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\oh\AppData\Local\Temp\proxy_vole914123878496386481.dll
C:\Users\oh\AppData\Local\Temp\Quarantine.exe
C:\Users\oh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\oh\AppData\Local\Temp\SpOrder.dll
C:\Users\oh\AppData\Local\Temp\ydetect.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 16:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Alt 08.02.2014, 10:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> PUP.Optional.OpenCandy gefunden

Alt 11.02.2014, 11:39   #7
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Hier das Log von ESET
Nach 8 Stunden war der Scan dann endlich durch, deshalb erst jetzt meine Rückmeldung.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1b5ef3e3c756b940a72b72df5cf17b2d
# engine=17006
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-11 06:50:10
# local_time=2014-02-11 07:50:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 82 1286129 10328949 0 0
# compatibility_mode=5893 16776573 100 94 331761 143732601 0 0
# scanned=671103
# found=5
# cleaned=0
# scan_time=81710
sh=0F927FD51398B383A3062A6C674AC1900416015F ft=1 fh=704fb21e31548381 vn="multiple threats" ac=I fn="I:\DESKTOP\Dokumente\_Desktop Ablage\Ablage\Software\Audio\setupwavtomp3.exe"
sh=0F927FD51398B383A3062A6C674AC1900416015F ft=1 fh=704fb21e31548381 vn="multiple threats" ac=I fn="I:\Software\Audio\setupwavtomp3.exe"
sh=2CFBF8FB41D546C03315F44DA247C3258F51E710 ft=1 fh=eda055c0cb1a7ceb vn="multiple threats" ac=I fn="I:\Software\Office\MS Access\software\internet\BEARINST.EXE"
sh=C45CF2276623F7209D70E110F324B631CB8FE45C ft=1 fh=bb2b5eb820d64118 vn="Win32/Adware.Aureate application" ac=I fn="I:\Software\Office\MS Access\software\mm\WMP3Loc.exe"
sh=82BD70B9B0A697863E9F861F8A4E6B972D24E7DC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="I:\Software\Themes - Wordpress etc\magasin-dos.zip"
         
Den Security Check mache ich jetzt...

Habe Security Check heruntergeladen und gestartet. Dabei kam folgende Fehlermeldung

Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
Was kann ich tun?

Habe meinen Rechner neu gestarte bzw. versucht, jedoch startet er nicht mehr richtig/vollständig.

Auch der abgesicherte Modus zeigt mir nach dem Bootvorgang nur einen schwarzen Bildschirm an. In den Taskmanager komme ich, aber mehr ist dann auch nicht anzufangen.

What can I do? Windows7 neu drüberinstallieren?

Alt 11.02.2014, 18:17   #8
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Seit wann genau ist das so? Drück mal F8 beim Booten und wähle nicht Safe Mode, sondern Computer reparieren > Systemstartreparatur.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.02.2014, 11:34   #9
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Nach der Deinstallation von ESET und dem anschließenden Versuch den Rechner neunte starten.
reparieren war das Erste was ich probiert hatte, aber auch ohne Ergebnis.

vielleicht macht es das Ganze einfacher, wenn ich den Rechner platt mache.
Allerdings würde ich gerne die Daten, wenn möglich noch auf einer externen Festplatte sichern. In DOS komme ich ja rein, bin allerdings da nicht wirklich fit was die Befehle anbelangt - irgendwie an xCopy erinnere ich mich noch vage.

Ich habe mich nun in die DOS Umgebung begeben.
Ich kann so woe es aussieht alle Dateien sehen und auch einzelne Dateien aufrufen.
Wenn ich bspw eine Textdatei öffne und über das Menü Datei>öffnen den Explorer öffnen möchte geht das nicht.
Das war auch der Fall nachdem ich den ESET Scan durch hatte. Da könnte ich den Dateimanager auch nicht mehr öffnen.

Was mir beim Booten noch auffällt: kurz bevor der Login Screen kommt ist der Bildschirm woe gewohnt erstmal schwarz, zeigt dann kurz den Login, wird dann wieder schwarz und zeigt dann den Login an.

Mehr kann ich glaube ich erstmal nicht sagen.

Hoffe Du kannst mir helfen...

13.02.2014
Neuer Tag, neues Glück. Musste Partition C nun doch formatieren und Windows7 Ultimate neu aufspielen da ich meinen Notebook dringend gebraucht habe.

So bin ich vorgegangen:

1. Habe wichtige Ordner und Dateien von mir von Partition C auf D per xcopy /kr/e/i/s/c/h kopiert.

2. Habe Partition C formatiert und Windows 7 neu installiert.
--> Rechner läuft wieder und kann auf Partition D zugreifen, nur die per xcopy verschobenen Ordner werden nicht angezeigt. Unter DOS sind sie aber da und einzelne Files auch aufrufbar. Ich weiß noch nicht woran das liegt.

3. Der Rechner bläst nur leider ständig.

Hier nun die neuen logs zu den Scans wie du sie mir zuanfangs angeraten hast:

FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by oh (administrator) on XMP on 13-02-2014 12:26:39
Running from C:\Users\oh\Downloads
Microsoft Windows 7 Ultimate  (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2012-11-18] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-12] (AVAST Software)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.250.40

FireFox:
========
FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\ep2r4gcc.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-12] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [734592 2011-01-05] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-02-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-12] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-12] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] ()
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [204800 2010-04-07] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [101504 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 12:26 - 2014-02-13 12:27 - 00007505 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-13 12:26 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST
2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 07:48 - 2014-02-13 07:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 07:48 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help
2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster
2014-02-12 23:54 - 2014-02-13 09:22 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe
2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-02-12 23:54 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-02-12 23:53 - 2014-02-13 07:44 - 00000000 ____D () C:\ProgramData\Vodafone
2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker
2014-02-12 23:50 - 2013-12-18 06:13 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 23:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-12 23:46 - 2014-02-12 23:46 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00002125 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software
2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-12 23:41 - 2014-02-13 07:54 - 00085768 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-12 23:41 - 2012-02-15 06:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-02-12 23:41 - 2012-02-15 05:22 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-02-12 23:41 - 2012-02-15 05:22 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-02-12 23:41 - 2010-01-09 07:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-12 23:37 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-12 23:37 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-12 23:37 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-12 23:37 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-12 23:37 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-12 23:35 - 2012-11-18 21:40 - 00001096 ____N () C:\Windows\system32\Drivers\SamSfPa.dat
2014-02-12 23:35 - 2009-12-16 10:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EED32A.dll
2014-02-12 23:35 - 2009-12-16 10:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEL32A.dll
2014-02-12 23:35 - 2009-12-16 10:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEG32A.dll
2014-02-12 23:31 - 2014-02-13 09:12 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom
2014-02-12 23:29 - 2014-02-13 08:59 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel
2014-02-12 23:28 - 2014-02-13 08:59 - 00012768 _____ () C:\Windows\DPINST.LOG
2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco
2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-12 23:02 - 2014-02-13 09:01 - 00006226 _____ () C:\Windows\PFRO.log
2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 23:00 - 2010-06-10 14:15 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer
2014-02-12 22:59 - 2010-04-07 10:05 - 00204800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-02-12 22:59 - 2010-03-25 03:08 - 00105984 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-02-12 22:59 - 2010-03-20 05:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-02-12 22:59 - 2010-03-20 04:56 - 00101504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-02-12 22:59 - 2010-03-17 07:33 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-02-12 22:59 - 2010-01-18 11:48 - 00027136 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-02-12 22:58 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-02-12 22:57 - 2014-02-13 09:19 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 22:57 - 2014-02-13 08:59 - 00000000 ____D () C:\Program Files\Intel
2014-02-12 22:56 - 2014-02-12 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield
2014-02-12 22:54 - 2014-02-12 23:53 - 00000000 ____D () C:\Users\oh
2014-02-12 22:54 - 2014-02-12 23:33 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore
2014-02-12 22:54 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery
2014-02-12 22:54 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-12 22:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-12 22:50 - 2014-02-13 11:38 - 01120871 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 22:47 - 2014-02-12 22:49 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-12 22:44 - 2014-02-12 22:54 - 00000000 ____D () C:\Windows\Panther
2014-02-12 22:09 - 2012-11-18 21:56 - 00325672 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60x.sys
2014-02-12 22:08 - 2012-11-18 21:40 - 01737272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32HP25.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00520760 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT32.sys
2014-02-12 22:08 - 2012-11-18 21:40 - 00428088 _____ (Conexant Systems, Inc.) C:\Windows\system32\CDolbyExt32.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00308128 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00301624 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32A55.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00076344 _____ (Conexant Systems, Inc.) C:\Windows\system32\FMPropPageExt.dll

==================== One Month Modified Files and Folders =======

2014-02-13 12:27 - 2014-02-13 12:26 - 00007505 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-13 12:26 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST
2014-02-13 11:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-13 11:38 - 2014-02-12 22:50 - 01120871 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 11:16 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 11:16 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 09:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 09:22 - 2014-02-12 23:54 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet
2014-02-13 09:19 - 2014-02-12 22:57 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 09:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 09:14 - 2009-07-14 05:39 - 00022369 _____ () C:\Windows\setupact.log
2014-02-13 09:12 - 2014-02-12 23:31 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\th-TH
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\he-IL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\et-EE
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-02-13 09:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 09:01 - 2014-02-12 23:02 - 00006226 _____ () C:\Windows\PFRO.log
2014-02-13 09:01 - 2009-07-14 05:33 - 00341520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 08:59 - 2014-02-12 23:29 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel
2014-02-13 08:59 - 2014-02-12 23:28 - 00012768 _____ () C:\Windows\DPINST.LOG
2014-02-13 08:59 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files\Intel
2014-02-13 07:54 - 2014-02-12 23:41 - 00085768 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 07:53 - 2014-02-13 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 07:51 - 2014-02-13 07:48 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-13 07:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 07:49 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 07:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-13 07:49 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help
2014-02-13 07:44 - 2014-02-12 23:53 - 00000000 ____D () C:\ProgramData\Vodafone
2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster
2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe
2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-02-12 23:53 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker
2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-12 23:46 - 2014-02-12 23:46 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00002125 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software
2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-12 23:33 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore
2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom
2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco
2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer
2014-02-12 22:59 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-02-12 22:59 - 2014-02-12 22:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield
2014-02-12 22:56 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2014-02-12 22:54 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery
2014-02-12 22:54 - 2014-02-12 22:44 - 00000000 ____D () C:\Windows\Panther
2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-12 22:49 - 2014-02-12 22:47 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-12 22:47 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\CSC
2014-02-12 22:47 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-02-12 22:44 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-02-12 22:44 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\oh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy6xebz.dll
C:\Users\oh\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-13 11:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by oh at 2014-02-13 12:27:16
Running from C:\Users\oh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Acer ePower Management (Version: 5.00.3009 - Acer Incorporated)
avast! Internet Security (Version: 9.0.2013 - Avast Software)
Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (Version: 4.121.0.50 - Conexant)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
HUAWEI DataCard Driver 4.05.02.00 (Version: 4.05.02.00 - Huawei technologies Co., Ltd.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 de) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (Version: 22.0 - Mozilla)
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6 - Intel)
Vodafone Mobile Broadband (Version: 10.3.401.43721 - Vodafone)

==================== Restore Points  =========================

12-02-2014 21:56:49 Installiert Überwachungstool für die Intel® Turbo-Boost-Technik
12-02-2014 21:57:14 Installed Intel(R) Turbo Boost Technology Monitor.
12-02-2014 21:59:44 Installiert Acer ePower Management
12-02-2014 22:28:01 Installed Intel(R) PROSet/Wireless WiFi Software.
12-02-2014 22:37:03 Windows Update
12-02-2014 22:41:02 Windows Update
12-02-2014 22:42:03 avast! antivirus system restore point
12-02-2014 22:43:53 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
12-02-2014 22:49:46 Installed sipgate Faxdrucker
12-02-2014 22:52:34 Installed Vodafone Mobile Broadband.
13-02-2014 06:47:58 Installed Microsoft Office Professional 2010
13-02-2014 07:57:47 Removed Intel(R) PROSet/Wireless WiFi-Software.

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A8F4DCF0-2159-43B5-8C60-A64185AA63BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-12] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2014-02-12 23:43 - 2014-02-12 23:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-02-13 09:15 - 2014-02-13 09:15 - 00041984 _____ () c:\users\oh\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy6xebz.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\oh\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-12 23:46 - 2013-06-18 15:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 02:55 - 2010-02-28 02:55 - 01040736 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FingerPrinter Reader
Description: FingerPrinter Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 07:47:56 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {cddba2f9-50de-40c6-8df1-ef44051a25e6}

Error: (02/12/2014 10:56:49 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0a9e2df2-af72-4e0c-8a98-fb26589c4b75}


System errors:
=============
Error: (02/13/2014 08:56:13 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (02/12/2014 11:41:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "kwxjrvfe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/12/2014 10:50:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147467243


Microsoft Office Sessions:
=========================
Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 09:03:44:900)
00030001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com)
00030002(0x00000000, 09:03:44:900 - 0)
00040001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com)
00040002(0x00000000, 09:03:44:916 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 09:03:44:932 - <NULL>)
00040006(0x00000000, 09:03:44:932 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 09:03:44:932 - 0)
00020007(0x80072EE7, 09:03:44:932)
00010002(0x80072EE7, 09:03:44:932 - <NULL>)
00010003(0x80072EE7, 09:03:44:932)

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 08:14:23:884 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 08:14:23:884)
00030001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com)
00030002(0x00000000, 08:14:23:899 - 0)
00040001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com)
00040002(0x00000000, 08:14:23:915 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 08:14:23:930 - <NULL>)
00040006(0x00000000, 08:14:23:930 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 08:14:23:930 - 0)
00020007(0x80072EE7, 08:14:23:930)
00010002(0x80072EE7, 08:14:23:930 - <NULL>)
00010003(0x80072EE7, 08:14:23:930)

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 07:56:10:340 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 07:56:10:355)
00030001(0x00000000, 07:56:10:371 - hxxp://go.microsoft.com)
00030002(0x00000000, 07:56:10:371 - 0)
00040001(0x00000000, 07:56:10:371 - hxxp://go.microsoft.com)
00040002(0x00000000, 07:56:10:371 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 07:56:10:402 - <NULL>)
00040006(0x00000000, 07:56:10:402 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 07:56:10:402 - 0)
00020007(0x80072EE7, 07:56:10:402)
00010002(0x80072EE7, 07:56:10:402 - <NULL>)
00010003(0x80072EE7, 07:56:10:402)

Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 07:53:00 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 07:53:00:218 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 07:53:00:265)
00030001(0x00000000, 07:53:00:296 - hxxp://go.microsoft.com)
00030002(0x00000000, 07:53:00:296 - 0)
00040001(0x00000000, 07:53:00:296 - hxxp://go.microsoft.com)
00040002(0x00000000, 07:53:00:312 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 07:53:00:374 - <NULL>)
00040006(0x00000000, 07:53:00:374 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 07:53:00:374 - 0)
00020007(0x80072EE7, 07:53:00:374)
00010002(0x80072EE7, 07:53:00:374 - <NULL>)
00010003(0x80072EE7, 07:53:00:374)

Error: (02/13/2014 07:47:56 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {cddba2f9-50de-40c6-8df1-ef44051a25e6}

Error: (02/12/2014 10:56:49 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0a9e2df2-af72-4e0c-8a98-fb26589c4b75}


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 2356.4 MB
Available physical RAM: 909.93 MB
Total Pagefile: 4711.08 MB
Available Pagefile: 3020.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:81.49 GB) NTFS
Drive d: () (Fixed) (Total:187.33 GB) (Free:20.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 14.02.2014, 14:02   #10
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Die LOgs zeigen immer nur das WIndows-Laufwerk. Also im WIndows Explorer siehst du die Ordner nicht? Auch nicht wenn du versteckte Dateien anzeigen lässt?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.02.2014, 13:23   #11
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



versteckte Dateien anzeigen zeigt mir den vermissten Ordner nicht an.

Auf DOS sehe ich den Ordnernamen aber wie gesagt nicht unter Windows Explorer. Rufe ich den vermissten Ordnernamen von Hand auf leitet er mich auf einen Ordner im Laufwerk D.

Aber das ist für mich erstmal verschmerzbar da ich die Daten zum Glück noch anderweitig gesichert habe.

Ich habe wie geschrieben mein System neu aufgesetzt und Malewarebytes drüber laufen lassen. mit folgendem Log

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.12.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
oh :: XMP [Administrator]

Schutz: Aktiviert

17.02.2014 11:06:30
MBAM-log-2014-02-17 (13-59-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525936
Laufzeit: 2 Stunde(n), 49 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 4428 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Daten: danielnetsoftware -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 5
C:\Users\oh\AppData\Local\Temp\smartbar (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\Users\oh\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\nsaD3B9.tmp\Setup58771.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\is-FMP2J.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\dlm.exe (PUP.Optional.OpenCandy.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\GuidCreator.dll (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.exe.config (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Setup1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.

(Ende)
         
und hier noch der Scan mit FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by oh (administrator) on XMP on 17-02-2014 14:21:54
Running from C:\Users\oh\Downloads
Microsoft Windows 7 Ultimate  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\ConnectifyD.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Connectify) C:\Program Files\Connectify\DispatchUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Somoto) C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
(Farbar) C:\Users\oh\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [492952 2010-12-03] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13834856 2010-05-20] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-12] (AVAST Software)
HKLM\...\Run: [MobileBroadband] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-02-05] (Vodafone)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [3755296 2013-12-23] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [1685280 2013-12-23] (Connectify)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Runonce: [danielnetsoftware] - [X]
Startup: C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.250.40

FireFox:
========
FF ProfilePath: C:\Users\oh\AppData\Roaming\Mozilla\Firefox\Profiles\ep2r4gcc.default
FF NewTab: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&um={UM}
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&q=
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-12] (AVAST Software)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2013-12-23] (Connectify)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-02-05] (Vodafone)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-02-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-12] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-02-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-12] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-12] ()
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-02-13] (Connectify)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-17] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [14808 2009-11-02] ()
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [204800 2010-04-07] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [101504 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 14:21 - 2014-02-17 14:21 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner(1).exe
2014-02-17 14:21 - 2014-02-17 14:21 - 01037530 _____ (Thisisu) C:\Users\oh\Downloads\JRT.exe
2014-02-17 14:20 - 2014-02-17 14:20 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST(1).exe
2014-02-17 11:05 - 2014-02-17 11:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-17 09:28 - 2014-02-17 09:36 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer
2014-02-17 09:28 - 2014-02-17 09:28 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple Computer
2014-02-17 09:28 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-02-17 09:27 - 2014-02-17 09:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-17 09:27 - 2014-02-17 09:28 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 09:26 - 2014-02-17 09:26 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-17 09:23 - 2014-02-17 09:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 09:22 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 09:22 - 2014-02-17 09:25 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 09:19 - 2014-02-17 09:20 - 137694544 _____ (Apple Inc.) C:\Users\oh\Downloads\iTunesSetup.exe
2014-02-17 09:14 - 2014-02-17 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-17 08:06 - 2014-02-17 09:05 - 00406917 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140217.xlsx
2014-02-17 08:06 - 2014-02-17 08:06 - 00000165 ____H () C:\Users\oh\Desktop\~$LeadGen-Businessplan_20140217.xlsx
2014-02-14 18:57 - 2014-02-17 08:05 - 00392663 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140214.xlsx
2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Users\oh\Downloads\Win7LogonBackgroundChanger
2014-02-14 15:52 - 2014-02-14 15:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Local\FilesFrog Update Checker
2014-02-14 15:51 - 2014-02-14 15:52 - 00002410 _____ () C:\Windows\system32\cplLogon.tsk
2014-02-14 15:51 - 2014-02-14 15:51 - 00001013 _____ () C:\Users\Public\Desktop\Logon Screen.lnk
2014-02-14 15:51 - 2014-02-14 15:51 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy
2014-02-14 15:50 - 2014-02-14 15:50 - 02218077 _____ (Daniel Rebelo ) C:\Users\oh\Downloads\Logon_Screen_2.56.exe
2014-02-14 11:04 - 2014-02-14 18:56 - 00394247 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140213.xlsx
2014-02-14 10:50 - 2011-02-19 06:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-14 10:31 - 2012-12-16 15:25 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-14 10:31 - 2012-12-16 15:25 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-14 10:29 - 2009-09-10 06:52 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-02-14 09:58 - 2014-02-14 10:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 09:58 - 2014-02-04 19:09 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 09:58 - 2012-07-26 04:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-14 09:58 - 2012-07-26 04:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-14 09:58 - 2012-07-26 03:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-02-14 09:58 - 2012-06-02 15:34 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-02-14 09:57 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-14 09:57 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-14 09:57 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-14 09:57 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-14 09:57 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-14 09:57 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-14 09:57 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-14 09:57 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-14 09:55 - 2012-03-01 06:53 - 00019312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-02-14 09:55 - 2012-03-01 06:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-14 09:55 - 2012-03-01 06:40 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-14 09:54 - 2014-02-14 09:54 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 09:54 - 2014-02-14 09:54 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 09:54 - 2014-02-14 09:54 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-14 09:54 - 2014-02-14 09:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-14 09:54 - 2014-02-14 09:54 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-14 09:52 - 2014-02-14 09:55 - 00004884 _____ () C:\Windows\IE9_main.log
2014-02-14 09:51 - 2010-02-11 08:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-02-14 09:47 - 2010-03-04 05:04 - 00146304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-02-14 09:47 - 2010-03-04 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-02-14 09:46 - 2010-09-14 07:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-02-14 09:39 - 2013-04-12 14:58 - 01210728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-02-14 09:39 - 2012-11-22 10:33 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-02-14 09:39 - 2011-11-17 06:41 - 01288984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-14 09:39 - 2011-04-29 03:57 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-02-14 09:39 - 2011-04-29 03:57 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-02-14 09:39 - 2011-04-29 03:57 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-02-14 09:39 - 2011-04-25 03:35 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-14 09:39 - 2010-06-29 06:02 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-02-14 09:38 - 2013-03-19 06:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-14 09:38 - 2013-03-19 06:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-14 09:38 - 2013-03-19 05:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-14 09:38 - 2013-03-19 03:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-02-14 09:38 - 2013-03-01 04:11 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-14 09:38 - 2013-02-12 14:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-02-14 09:38 - 2013-01-24 05:51 - 00195816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-14 09:38 - 2012-11-09 05:49 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-14 09:38 - 2012-11-02 05:48 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-02-14 09:38 - 2012-08-24 18:10 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-14 09:38 - 2011-06-16 05:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-02-14 09:38 - 2011-03-03 06:29 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-02-14 09:38 - 2011-03-03 06:29 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-02-14 09:38 - 2011-03-03 06:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-02-14 09:38 - 2011-02-18 06:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-02-14 09:38 - 2010-08-21 06:32 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-02-14 09:37 - 2012-06-02 05:45 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-14 09:37 - 2012-06-02 05:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-14 09:37 - 2012-06-02 05:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-02-14 09:37 - 2012-04-28 04:19 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-02-14 09:37 - 2012-01-03 06:44 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-02-14 09:37 - 2011-08-17 05:26 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-02-14 09:37 - 2011-08-17 05:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-02-14 09:37 - 2011-08-17 05:22 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-02-14 09:37 - 2011-08-17 05:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-02-14 09:37 - 2011-08-17 05:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-02-14 09:37 - 2011-05-24 11:35 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-02-14 09:37 - 2010-11-02 05:41 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-02-14 09:37 - 2010-11-02 05:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-02-14 09:37 - 2010-11-02 05:40 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-02-14 09:37 - 2010-11-02 05:39 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-02-14 09:37 - 2010-11-02 05:34 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-02-14 09:37 - 2010-11-02 05:34 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-02-14 09:37 - 2010-08-26 05:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-02-14 09:37 - 2010-08-04 07:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-02-14 09:37 - 2010-07-29 07:30 - 00197632 _____ (Intel(R) Corporation) C:\Windows\system32\ir32_32.dll
2014-02-14 09:37 - 2010-07-29 07:30 - 00082944 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2014-02-14 09:37 - 2010-06-19 07:23 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-02-14 09:37 - 2009-10-31 06:45 - 02614272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-14 09:37 - 2009-10-28 07:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-02-14 09:37 - 2009-08-29 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-02-14 09:36 - 2013-02-12 16:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-14 09:36 - 2013-02-12 16:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-02-14 09:36 - 2013-02-12 14:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-14 09:36 - 2012-11-02 05:50 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-14 09:36 - 2012-06-06 06:09 - 01236992 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-14 09:36 - 2012-06-02 05:51 - 00134000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-02-14 09:36 - 2012-06-02 05:51 - 00067440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-14 09:36 - 2012-06-02 05:50 - 00369336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-02-14 09:36 - 2012-06-02 05:48 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-14 09:36 - 2011-08-27 05:43 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-14 09:36 - 2011-08-27 05:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-02-14 09:36 - 2011-07-09 03:26 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-02-14 09:36 - 2011-05-04 03:43 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-02-14 09:36 - 2011-05-04 03:43 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-02-14 09:36 - 2011-05-03 05:50 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-02-14 09:36 - 2011-04-27 03:33 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-02-14 09:36 - 2010-10-16 05:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-02-14 09:36 - 2010-03-05 08:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-02-14 09:36 - 2009-09-03 08:04 - 01320960 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-02-14 09:36 - 2009-08-19 08:20 - 00507568 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-02-14 09:36 - 2009-08-19 08:20 - 00442920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-02-14 09:35 - 2013-01-04 05:55 - 01287528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-14 09:35 - 2013-01-04 05:55 - 00187240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-02-14 09:35 - 2012-11-30 00:21 - 00420032 _____ () C:\Windows\system32\locale.nls
2014-02-14 09:35 - 2011-11-19 15:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-02-14 09:35 - 2011-05-04 05:53 - 01553920 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-02-14 09:35 - 2011-05-04 05:52 - 01401856 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-02-14 09:35 - 2011-05-04 05:52 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-02-14 09:35 - 2011-05-04 05:52 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-02-14 09:35 - 2011-05-04 05:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-02-14 09:35 - 2011-05-04 05:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-02-14 09:35 - 2011-05-04 05:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-02-14 09:35 - 2011-05-04 05:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-02-14 09:35 - 2011-05-04 05:52 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-02-14 09:35 - 2010-09-01 05:29 - 11406848 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-14 09:35 - 2010-09-01 05:23 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-14 09:35 - 2010-08-31 05:32 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2014-02-14 09:35 - 2010-08-31 05:32 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2014-02-14 09:35 - 2010-08-21 06:33 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-14 09:34 - 2012-08-11 00:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-14 09:34 - 2012-07-04 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-02-14 09:34 - 2012-07-04 22:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-02-14 09:34 - 2012-07-04 22:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-02-14 09:34 - 2012-05-05 08:44 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-02-14 09:34 - 2011-10-26 05:28 - 01328640 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-02-14 09:34 - 2011-10-26 05:28 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-14 09:34 - 2011-10-15 06:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-02-14 09:34 - 2011-03-12 12:31 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-02-14 09:34 - 2011-02-24 06:32 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-14 09:34 - 2011-02-12 06:30 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-02-14 09:34 - 2010-12-23 06:28 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-02-14 09:34 - 2010-12-23 06:28 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-02-14 09:34 - 2010-12-23 06:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-02-14 09:34 - 2009-12-19 10:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-02-14 09:34 - 2009-12-19 10:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-02-14 09:34 - 2009-12-08 12:32 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-02-14 09:34 - 2009-10-19 15:10 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-02-14 09:33 - 2012-12-07 06:04 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-02-14 09:33 - 2012-12-07 05:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-02-14 09:33 - 2012-12-07 04:21 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-02-14 09:33 - 2012-12-07 04:21 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-02-14 09:33 - 2012-11-20 06:10 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-14 09:33 - 2012-08-02 18:05 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-14 09:33 - 2012-05-02 05:52 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-02-14 09:33 - 2012-04-26 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-02-14 09:33 - 2012-04-26 05:48 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-02-14 09:33 - 2012-04-26 05:43 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-02-14 09:33 - 2012-04-07 12:34 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-02-14 09:33 - 2012-03-17 08:20 - 00056688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-02-14 09:33 - 2011-12-16 08:59 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-02-14 09:33 - 2011-11-17 06:39 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-02-14 09:33 - 2011-11-17 06:39 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-02-14 09:33 - 2011-11-17 06:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-02-14 09:33 - 2011-11-17 06:39 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-02-14 09:33 - 2011-11-17 06:38 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-14 09:33 - 2011-11-17 06:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-02-14 09:33 - 2011-06-15 10:04 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2014-02-14 09:33 - 2011-06-15 10:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-02-14 09:33 - 2011-06-15 10:04 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-02-14 09:33 - 2011-06-15 10:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-02-14 09:33 - 2011-06-15 10:04 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-02-14 09:33 - 2010-12-18 06:26 - 01034240 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-14 09:32 - 2012-09-25 22:55 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-02-14 09:32 - 2012-09-06 17:48 - 00245616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-02-14 09:32 - 2012-06-09 05:46 - 12868608 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-14 09:32 - 2012-05-14 05:37 - 00768512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-14 09:32 - 2012-03-03 06:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-14 09:32 - 2012-03-03 06:40 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-14 09:32 - 2012-03-03 06:40 - 00739840 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-14 09:32 - 2012-03-03 06:40 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-14 09:32 - 2012-03-03 06:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-14 09:32 - 2012-01-04 10:03 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-02-14 09:32 - 2011-03-11 06:40 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-02-14 09:32 - 2011-03-11 06:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-02-14 09:32 - 2011-02-23 06:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-02-14 09:32 - 2010-12-21 06:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-02-14 09:32 - 2010-12-21 06:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-14 09:32 - 2010-12-21 06:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2014-02-14 09:32 - 2010-12-21 06:38 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-02-14 09:32 - 2010-12-21 06:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-02-14 09:32 - 2010-12-21 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-02-14 09:32 - 2010-12-21 06:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-14 09:32 - 2010-11-02 05:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-02-14 09:32 - 2010-10-16 05:41 - 00101760 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-14 09:32 - 2010-08-27 06:46 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-02-14 09:32 - 2010-08-21 06:36 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-14 09:32 - 2010-06-26 06:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-02-14 09:32 - 2010-05-23 11:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-14 09:32 - 2010-05-23 11:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-02-14 09:32 - 2010-05-23 11:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-02-14 09:32 - 2010-05-05 07:46 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2014-02-14 09:32 - 2010-01-19 00:29 - 00369152 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-14 09:32 - 2010-01-19 00:29 - 00365568 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-14 09:32 - 2010-01-19 00:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-14 09:32 - 2010-01-19 00:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-14 09:32 - 2010-01-19 00:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-14 09:32 - 2010-01-19 00:28 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-14 09:32 - 2010-01-19 00:28 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-14 09:32 - 2010-01-19 00:28 - 00277504 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-14 09:31 - 2013-01-04 05:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-14 09:31 - 2013-01-04 05:46 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-14 09:31 - 2013-01-04 05:46 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 03:59 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-02-14 09:31 - 2013-01-04 03:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 03:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 03:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-02-14 09:31 - 2013-01-04 03:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-02-14 09:31 - 2012-11-09 05:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-14 09:31 - 2011-04-22 20:36 - 00026496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-02-14 09:31 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-02-14 09:15 - 2011-02-03 06:45 - 00219008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-02-14 09:15 - 2010-11-02 05:46 - 00728448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-14 09:15 - 2010-11-02 05:23 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-13 16:33 - 2014-02-13 16:34 - 00000000 ____D () C:\Program Files\XMind
2014-02-13 16:25 - 2014-02-13 16:30 - 100610688 _____ (XMind Ltd. ) C:\Users\oh\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 __HDC () C:\ProgramData\{FABD1F31-EB27-47F1-AEF6-822DDBEB1A0F}
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Users\oh\AppData\Local\PackageAware
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Program Files\Axure
2014-02-13 16:18 - 2014-02-13 16:18 - 61846472 _____ (Axure Software Solutions, Inc. ) C:\Users\oh\Downloads\AxureRP-Pro-Setup.exe
2014-02-13 16:08 - 2014-02-14 11:04 - 00000000 ___RD () C:\Users\oh\Dropbox
2014-02-13 16:08 - 2014-02-13 16:08 - 00000998 _____ () C:\Users\oh\Desktop\Dropbox.lnk
2014-02-13 13:26 - 2014-02-13 13:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-02-13 13:26 - 2014-02-13 13:26 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-02-13 13:25 - 2014-02-13 13:41 - 00000000 ____D () C:\Program Files\Connectify
2014-02-13 13:25 - 2014-02-13 13:25 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-02-13 13:24 - 2014-02-13 13:29 - 00000000 ____D () C:\ProgramData\Connectify
2014-02-13 12:53 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-13 12:53 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-13 12:53 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-13 12:53 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-13 12:53 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-13 12:36 - 2014-02-13 12:45 - 00000000 ____D () C:\AdwCleaner
2014-02-13 12:35 - 2014-02-13 12:35 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner.exe
2014-02-13 12:27 - 2014-02-13 12:28 - 00014721 _____ () C:\Users\oh\Downloads\Addition.txt
2014-02-13 12:26 - 2014-02-17 14:21 - 00010615 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-13 12:26 - 2014-02-17 14:21 - 00000000 ____D () C:\FRST
2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet
2014-02-13 07:51 - 2014-02-13 12:53 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 07:48 - 2014-02-13 07:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 07:48 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help
2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe
2014-02-12 23:56 - 2014-02-13 16:10 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-12 23:54 - 2014-02-14 11:23 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe
2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-02-12 23:54 - 2013-01-30 11:26 - 00076544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-02-12 23:53 - 2014-02-13 07:44 - 00000000 ____D () C:\ProgramData\Vodafone
2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker
2014-02-12 23:50 - 2013-12-18 06:13 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 23:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-12 23:46 - 2014-02-17 11:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-12 23:46 - 2014-02-17 11:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software
2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-12 23:41 - 2014-02-14 10:45 - 00086224 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-12 23:41 - 2012-02-15 06:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-02-12 23:41 - 2012-02-15 05:22 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-02-12 23:41 - 2010-01-09 07:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-12 23:37 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-12 23:37 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-12 23:37 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-12 23:37 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-12 23:37 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-12 23:37 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-12 23:35 - 2012-11-18 21:40 - 00001096 ____N () C:\Windows\system32\Drivers\SamSfPa.dat
2014-02-12 23:35 - 2009-12-16 10:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EED32A.dll
2014-02-12 23:35 - 2009-12-16 10:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEL32A.dll
2014-02-12 23:35 - 2009-12-16 10:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\EEG32A.dll
2014-02-12 23:31 - 2014-02-13 09:12 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom
2014-02-12 23:29 - 2014-02-13 08:59 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel
2014-02-12 23:28 - 2014-02-13 08:59 - 00012768 _____ () C:\Windows\DPINST.LOG
2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco
2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-12 23:02 - 2014-02-13 09:01 - 00006226 _____ () C:\Windows\PFRO.log
2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 23:00 - 2010-06-10 14:15 - 00600680 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2014-02-12 22:59 - 2014-02-13 16:11 - 00000000 ____D () C:\Program Files\Acer
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM
2014-02-12 22:59 - 2010-04-07 10:05 - 00204800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-02-12 22:59 - 2010-03-25 03:08 - 00105984 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-02-12 22:59 - 2010-03-20 05:06 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-02-12 22:59 - 2010-03-20 04:56 - 00101504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-02-12 22:59 - 2010-03-17 07:33 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-02-12 22:59 - 2010-01-18 11:48 - 00027136 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-02-12 22:58 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-02-12 22:57 - 2014-02-17 09:26 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 22:57 - 2014-02-13 08:59 - 00000000 ____D () C:\Program Files\Intel
2014-02-12 22:56 - 2014-02-12 22:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield
2014-02-12 22:54 - 2014-02-14 10:45 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-12 22:54 - 2014-02-14 10:44 - 00000000 ____D () C:\Users\oh
2014-02-12 22:54 - 2014-02-12 23:33 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore
2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery
2014-02-12 22:54 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-12 22:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-12 22:50 - 2014-02-17 10:58 - 01773272 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 22:47 - 2014-02-12 22:49 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-12 22:44 - 2014-02-12 22:54 - 00000000 ____D () C:\Windows\Panther
2014-02-12 22:09 - 2012-11-18 21:56 - 00325672 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60x.sys
2014-02-12 22:08 - 2012-11-18 21:40 - 01737272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32HP25.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00520760 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT32.sys
2014-02-12 22:08 - 2012-11-18 21:40 - 00428088 _____ (Conexant Systems, Inc.) C:\Windows\system32\CDolbyExt32.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00308128 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00301624 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI32A55.dll
2014-02-12 22:08 - 2012-11-18 21:40 - 00076344 _____ (Conexant Systems, Inc.) C:\Windows\system32\FMPropPageExt.dll

==================== One Month Modified Files and Folders =======

2014-02-17 14:22 - 2014-02-13 12:26 - 00010615 _____ () C:\Users\oh\Downloads\FRST.txt
2014-02-17 14:21 - 2014-02-17 14:21 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner(1).exe
2014-02-17 14:21 - 2014-02-17 14:21 - 01037530 _____ (Thisisu) C:\Users\oh\Downloads\JRT.exe
2014-02-17 14:21 - 2014-02-13 12:26 - 00000000 ____D () C:\FRST
2014-02-17 14:20 - 2014-02-17 14:20 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST(1).exe
2014-02-17 14:00 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 14:00 - 2009-07-14 05:34 - 00012208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 11:05 - 2014-02-17 11:05 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-17 11:01 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 11:01 - 2014-02-12 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 10:58 - 2014-02-12 22:50 - 01773272 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 09:36 - 2014-02-17 09:28 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Apple Computer
2014-02-17 09:36 - 2009-07-14 05:39 - 00028121 _____ () C:\Windows\setupact.log
2014-02-17 09:28 - 2014-02-17 09:28 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple Computer
2014-02-17 09:28 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-17 09:28 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 09:27 - 2014-02-17 09:27 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 09:27 - 2014-02-17 09:22 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 09:26 - 2014-02-17 09:26 - 00000000 ____D () C:\Users\oh\AppData\Local\Apple
2014-02-17 09:26 - 2014-02-12 22:57 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-02-17 09:25 - 2014-02-17 09:25 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-17 09:25 - 2014-02-17 09:22 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 09:23 - 2014-02-17 09:23 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 09:20 - 2014-02-17 09:19 - 137694544 _____ (Apple Inc.) C:\Users\oh\Downloads\iTunesSetup.exe
2014-02-17 09:14 - 2014-02-17 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-17 09:05 - 2014-02-17 08:06 - 00406917 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140217.xlsx
2014-02-17 08:06 - 2014-02-17 08:06 - 00000165 ____H () C:\Users\oh\Desktop\~$LeadGen-Businessplan_20140217.xlsx
2014-02-17 08:05 - 2014-02-14 18:57 - 00392663 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140214.xlsx
2014-02-14 18:56 - 2014-02-14 11:04 - 00394247 _____ () C:\Users\oh\Desktop\LeadGen-Businessplan_20140213.xlsx
2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Users\oh\Downloads\Win7LogonBackgroundChanger
2014-02-14 15:53 - 2014-02-14 15:52 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\TuneUp Software
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-02-14 15:52 - 2014-02-14 15:52 - 00000000 ____D () C:\Users\oh\AppData\Local\FilesFrog Update Checker
2014-02-14 15:52 - 2014-02-14 15:51 - 00002410 _____ () C:\Windows\system32\cplLogon.tsk
2014-02-14 15:51 - 2014-02-14 15:51 - 00001013 _____ () C:\Users\Public\Desktop\Logon Screen.lnk
2014-02-14 15:51 - 2014-02-14 15:51 - 00000000 ____D () C:\Users\oh\AppData\Roaming\OpenCandy
2014-02-14 15:50 - 2014-02-14 15:50 - 02218077 _____ (Daniel Rebelo ) C:\Users\oh\Downloads\Logon_Screen_2.56.exe
2014-02-14 11:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 11:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 11:23 - 2014-02-12 23:54 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Dropbox
2014-02-14 11:04 - 2014-02-13 16:08 - 00000000 ___RD () C:\Users\oh\Dropbox
2014-02-14 10:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 10:45 - 2014-02-12 23:41 - 00086224 _____ () C:\Users\oh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 10:45 - 2014-02-12 22:54 - 00001409 _____ () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 10:44 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh
2014-02-14 10:42 - 2009-07-14 05:33 - 00347408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-14 10:40 - 2009-07-14 09:56 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-14 10:40 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-14 10:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-14 10:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-14 10:00 - 2014-02-14 09:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 09:55 - 2014-02-14 09:52 - 00004884 _____ () C:\Windows\IE9_main.log
2014-02-14 09:54 - 2014-02-14 09:54 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-14 09:54 - 2014-02-14 09:54 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 09:54 - 2014-02-14 09:54 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 09:54 - 2014-02-14 09:54 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-14 09:54 - 2014-02-14 09:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-14 09:54 - 2014-02-14 09:54 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-14 09:54 - 2014-02-14 09:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-14 09:54 - 2014-02-14 09:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-13 16:34 - 2014-02-13 16:33 - 00000000 ____D () C:\Program Files\XMind
2014-02-13 16:30 - 2014-02-13 16:25 - 100610688 _____ (XMind Ltd. ) C:\Users\oh\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 __HDC () C:\ProgramData\{FABD1F31-EB27-47F1-AEF6-822DDBEB1A0F}
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Users\oh\AppData\Local\PackageAware
2014-02-13 16:25 - 2014-02-13 16:25 - 00000000 ____D () C:\Program Files\Axure
2014-02-13 16:18 - 2014-02-13 16:18 - 61846472 _____ (Axure Software Solutions, Inc. ) C:\Users\oh\Downloads\AxureRP-Pro-Setup.exe
2014-02-13 16:11 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files\Acer
2014-02-13 16:10 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\DropboxMaster
2014-02-13 16:08 - 2014-02-13 16:08 - 00000998 _____ () C:\Users\oh\Desktop\Dropbox.lnk
2014-02-13 13:41 - 2014-02-13 13:25 - 00000000 ____D () C:\Program Files\Connectify
2014-02-13 13:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-13 13:29 - 2014-02-13 13:24 - 00000000 ____D () C:\ProgramData\Connectify
2014-02-13 13:26 - 2014-02-13 13:26 - 00001138 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk
2014-02-13 13:26 - 2014-02-13 13:26 - 00001122 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk
2014-02-13 13:25 - 2014-02-13 13:25 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-02-13 12:53 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-13 12:45 - 2014-02-13 12:36 - 00000000 ____D () C:\AdwCleaner
2014-02-13 12:35 - 2014-02-13 12:35 - 01166132 _____ () C:\Users\oh\Downloads\adwcleaner.exe
2014-02-13 12:28 - 2014-02-13 12:27 - 00014721 _____ () C:\Users\oh\Downloads\Addition.txt
2014-02-13 12:26 - 2014-02-13 12:26 - 01141248 _____ (Farbar) C:\Users\oh\Downloads\FRST.exe
2014-02-13 09:20 - 2014-02-13 09:20 - 00000000 ____D () C:\Users\oh\AppData\Roaming\FLEXnet
2014-02-13 09:12 - 2014-02-12 23:31 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\th-TH
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\he-IL
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\et-EE
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-02-13 09:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-02-13 09:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 09:01 - 2014-02-12 23:02 - 00006226 _____ () C:\Windows\PFRO.log
2014-02-13 08:59 - 2014-02-12 23:29 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Intel
2014-02-13 08:59 - 2014-02-12 23:28 - 00012768 _____ () C:\Windows\DPINST.LOG
2014-02-13 08:59 - 2014-02-12 22:57 - 00000000 ____D () C:\Program Files\Intel
2014-02-13 07:53 - 2014-02-13 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 07:51 - 2014-02-13 07:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-13 07:51 - 2014-02-13 07:48 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-13 07:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-13 07:49 - 2014-02-13 07:49 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-13 07:49 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 07:49 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 __RHD () C:\MSOCache
2014-02-13 07:48 - 2014-02-13 07:48 - 00000000 ____D () C:\Users\oh\AppData\Local\Microsoft Help
2014-02-13 07:44 - 2014-02-12 23:53 - 00000000 ____D () C:\ProgramData\Vodafone
2014-02-13 07:42 - 2014-02-13 07:42 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Vodafone
2014-02-13 00:01 - 2014-02-13 00:01 - 07797992 _____ () C:\Users\oh\Downloads\ConnectifyInstaller.exe
2014-02-12 23:56 - 2014-02-12 23:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-12 23:54 - 2014-02-12 23:54 - 37660568 _____ (Dropbox, Inc.) C:\Users\oh\Downloads\Dropbox 2.6.2.exe
2014-02-12 23:54 - 2014-02-12 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-02-12 23:53 - 2014-02-12 23:53 - 00002166 _____ () C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
2014-02-12 23:53 - 2014-02-12 23:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Users\oh\AppData\Local\Downloaded Installations
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\Macrovision
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Vodafone
2014-02-12 23:52 - 2014-02-12 23:52 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-02-12 23:51 - 2014-02-12 23:51 - 93522288 _____ () C:\Users\oh\Downloads\vmc_10.3.401.43721_RC1_setup.exe
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\ProgramData\eDocPrintPro
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\GS
2014-02-12 23:50 - 2014-02-12 23:50 - 00000000 ____D () C:\Program Files\Common Files\SipgateFaxdrucker
2014-02-12 23:48 - 2014-02-12 23:48 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 23:48 - 2014-02-12 23:48 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 23:47 - 2014-02-12 23:47 - 00614792 _____ (Chip Digital GmbH) C:\Users\oh\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Roaming\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\Users\oh\AppData\Local\Mozilla
2014-02-12 23:46 - 2014-02-12 23:46 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-12 23:44 - 2014-02-12 23:44 - 00002185 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-02-12 23:44 - 2014-02-12 23:44 - 00000000 ____D () C:\Users\oh\AppData\Roaming\AVAST Software
2014-02-12 23:43 - 2014-02-12 23:43 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-12 23:43 - 2014-02-12 23:43 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-12 23:43 - 2014-02-12 23:43 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 23:43 - 2014-02-12 23:43 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-12 23:42 - 2014-02-12 23:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-12 23:41 - 2014-02-12 23:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-12 23:35 - 2014-02-12 23:35 - 00000000 ____D () C:\Program Files\CONEXANT
2014-02-12 23:33 - 2014-02-12 22:54 - 00000000 ____D () C:\Users\oh\AppData\Local\VirtualStore
2014-02-12 23:31 - 2014-02-12 23:31 - 03872056 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 03764800 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL6.SYS
2014-02-12 23:31 - 2014-02-12 23:31 - 03560760 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00091448 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-02-12 23:31 - 2014-02-12 23:31 - 00000000 ____D () C:\Program Files\Broadcom
2014-02-12 23:28 - 2014-02-12 23:28 - 00000000 ____D () C:\Program Files\Cisco
2014-02-12 23:25 - 2014-02-12 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-12 23:02 - 2014-02-12 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2014-02-12 22:59 - 2014-02-12 22:59 - 00000000 ____D () C:\ProgramData\OEM
2014-02-12 22:59 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files\HUAWEI Modem Driver
2014-02-12 22:59 - 2014-02-12 22:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-12 22:56 - 2014-02-12 22:56 - 00000000 ____D () C:\Users\oh\AppData\Roaming\InstallShield
2014-02-12 22:56 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2014-02-12 22:54 - 2014-02-12 22:54 - 00000020 ___SH () C:\Users\oh\ntuser.ini
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\oh\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\Programme
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-02-12 22:54 - 2014-02-12 22:54 - 00000000 __SHD () C:\Recovery
2014-02-12 22:54 - 2014-02-12 22:44 - 00000000 ____D () C:\Windows\Panther
2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-02-12 22:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-12 22:49 - 2014-02-12 22:47 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-12 22:47 - 2009-07-14 09:56 - 00000000 ____D () C:\Windows\CSC
2014-02-12 22:47 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-02-12 22:44 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-02-12 22:44 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-02-04 19:09 - 2014-02-14 09:58 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\oh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpype9hd.dll
C:\Users\oh\AppData\Local\Temp\Installer.exe
C:\Users\oh\AppData\Local\Temp\ose00000.exe
C:\Users\oh\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-13 11:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

und Additional.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by oh at 2014-02-17 14:24:55
Running from C:\Users\oh\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Acer PowerSmart Manager (Version: 5.02.3006 - Acer Incorporated)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (Version: 9.0.2013 - Avast Software)
Axure RP Pro 7.0 (Version: 7.0.0.3146 - Axure Software Solutions, Inc.)
Axure RP Pro 7.0 (Version: 7.0.0.3146 - Axure Software Solutions, Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (Version: 5.100.249.2 - Broadcom Corporation)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (Version: 4.121.0.50 - Conexant)
Connectify (Version: 7.2.1.29658 - Connectify)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
FilesFrog Update Checker (Version:  - ) <==== ATTENTION
HUAWEI DataCard Driver 4.05.02.00 (Version: 4.05.02.00 - Huawei technologies Co., Ltd.)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Logon Screen (Version:  - Daniel Rebelo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Mozilla Firefox 22.0 (x86 de) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (Version: 22.0 - Mozilla)
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
sipgate Faxdrucker (Version: 1.0.0 - sipgate GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6 - Intel)
Vodafone Mobile Broadband (Version: 10.3.401.43721 - Vodafone)
XMind 2013 (v3.4.1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Restore Points  =========================

13-02-2014 15:11:37 Installiert Acer PowerSmart Manager
14-02-2014 08:44:36 Windows Update
14-02-2014 09:50:50 Windows Update
14-02-2014 14:54:08 TuneUp Utilities 2014 wird entfernt
14-02-2014 14:54:42 TuneUp Utilities 2014 (de-DE) wird entfernt
14-02-2014 15:47:09 Installed Windows 7 Logon Background Changer
17-02-2014 08:26:12 Installed iTunes

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00764BA5-B6F2-4ACB-8D3C-87029EA9A716} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\oh\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {232EC02A-8C28-4DAA-ACC1-57FF336078A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A8F4DCF0-2159-43B5-8C60-A64185AA63BB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-12] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2014-02-12 23:43 - 2014-02-12 23:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2014-02-13 13:25 - 2013-12-23 19:59 - 00376608 _____ () C:\Program Files\Connectify\NativeLibrary.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-02-12 23:46 - 2013-06-18 15:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: FingerPrinter Reader
Description: FingerPrinter Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 04:48:33 PM) (Source: MsiInstaller) (User: xmp)
Description: Product: Windows 7 Logon Background Changer -- Error 1406. Could not write value  to key \Software\Classes\CLSID\{351344A7-DD78-4c98-816C-436D6FC3360A}\Shell\Open\Command.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (02/14/2014 11:24:38 AM) (Source: Application Hang) (User: )
Description: Programm Dropbox.exe, Version 2.6.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 388

Startzeit: 01cf296af8dbdbf0

Endzeit: 16

Anwendungspfad: C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe

Berichts-ID:

Error: (02/14/2014 10:22:05 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 5.2.3006.0, Zeitstempel: 0x4cf88cd5
Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 5.2.3006.0, Zeitstempel: 0x4cf88cd5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000079a0
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0
Pfad der fehlerhaften Anwendung: ePowerSvc.exe1
Pfad des fehlerhaften Moduls: ePowerSvc.exe2
Berichtskennung: ePowerSvc.exe3

Error: (02/13/2014 04:11:37 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {52c7847a-c2af-45db-bef4-d9a7312b4724}

Error: (02/13/2014 04:11:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f
Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000097fb
ID des fehlerhaften Prozesses: 0x7e4
Startzeit der fehlerhaften Anwendung: 0xePowerSvc.exe0
Pfad der fehlerhaften Anwendung: ePowerSvc.exe1
Pfad des fehlerhaften Moduls: ePowerSvc.exe2
Berichtskennung: ePowerSvc.exe3

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7


System errors:
=============
Error: (02/17/2014 09:23:18 AM) (Source: ipnathlp) (User: )
Description: 192.168.243.1192.168.173.0255.255.255.0

Error: (02/14/2014 03:54:25 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (02/14/2014 03:52:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/14/2014 10:55:17 AM) (Source: ipnathlp) (User: )
Description: 192.168.243.1192.168.173.0255.255.255.0

Error: (02/14/2014 10:47:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 (KB2703157)

Error: (02/14/2014 10:47:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows*7 (KB2598845)

Error: (02/14/2014 10:44:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (02/14/2014 10:43:41 AM) (Source: ipnathlp) (User: )
Description: 192.168.243.1192.168.173.0255.255.255.0

Error: (02/14/2014 10:37:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (02/14/2014 10:22:19 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/14/2014 04:48:33 PM) (Source: MsiInstaller)(User: xmp)
Description: Product: Windows 7 Logon Background Changer -- Error 1406. Could not write value  to key \Software\Classes\CLSID\{351344A7-DD78-4c98-816C-436D6FC3360A}\Shell\Open\Command.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/14/2014 11:24:38 AM) (Source: Application Hang)(User: )
Description: Dropbox.exe2.6.2.038801cf296af8dbdbf016C:\Users\oh\AppData\Roaming\Dropbox\bin\Dropbox.exe

Error: (02/14/2014 10:22:05 AM) (Source: Application Error)(User: )
Description: ePowerSvc.exe5.2.3006.04cf88cd5ePowerSvc.exe5.2.3006.04cf88cd5c0000005000079a0119001cf28cdf27c3ce3C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe77f10e45-9559-11e3-b843-60eb698d14b8

Error: (02/13/2014 04:11:37 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {52c7847a-c2af-45db-bef4-d9a7312b4724}

Error: (02/13/2014 04:11:23 PM) (Source: Application Error)(User: )
Description: ePowerSvc.exe5.0.3009.04d241b0fePowerSvc.exe5.0.3009.04d241b0fc0000005000097fb7e401cf28b72fccd2b9C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exeC:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe198e1689-94c1-11e3-b843-60eb698d14b8

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 09:03:44 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 09:03:44:900)
00030001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com)
00030002(0x00000000, 09:03:44:900 - 0)
00040001(0x00000000, 09:03:44:900 - hxxp://go.microsoft.com)
00040002(0x00000000, 09:03:44:916 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 09:03:44:932 - <NULL>)
00040006(0x00000000, 09:03:44:932 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 09:03:44:932 - 0)
00020007(0x80072EE7, 09:03:44:932)
00010002(0x80072EE7, 09:03:44:932 - <NULL>)
00010003(0x80072EE7, 09:03:44:932)

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210

Error: (02/13/2014 08:14:23 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 08:14:23:884 - hxxp://go.microsoft.com/fwlink/?LinkID=120748)
00020001(0x00000000, 08:14:23:884)
00030001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com)
00030002(0x00000000, 08:14:23:899 - 0)
00040001(0x00000000, 08:14:23:899 - hxxp://go.microsoft.com)
00040002(0x00000000, 08:14:23:915 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 08:14:23:930 - <NULL>)
00040006(0x00000000, 08:14:23:930 - 1, hxxp://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 08:14:23:930 - 0)
00020007(0x80072EE7, 08:14:23:930)
00010002(0x80072EE7, 08:14:23:930 - <NULL>)
00010003(0x80072EE7, 08:14:23:930)

Error: (02/13/2014 07:56:10 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0x80072EE78b559c37-0117-413e-921b-b853aeb6e210


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 2356.4 MB
Available physical RAM: 892.43 MB
Total Pagefile: 4711.08 MB
Available Pagefile: 2216.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:67.71 GB) NTFS
Drive d: () (Fixed) (Total:187.33 GB) (Free:9.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AABD5AB5)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=187 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 18.02.2014, 10:52   #12
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



Der MBAM Scan ist NACH Neuaufsetzen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.02.2014, 12:30   #13
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



ich hab zwischenzeitlich schon ein paar Programme wieder installiert und darunter auch eines mit dem man den Loginscreen anpassen kann. Dabei hat sich etwas mit installiert.
Dieses Programm habe ich soeben deinstalliert und führe nochmal einen Scan durch.

Zur Not setze ich das System halt nochmal auf. Bin ja gerade in Übung. Melde mich sobald der Scan durch ist.

Alt 19.02.2014, 11:18   #14
schrauber
/// the machine
/// TB-Ausbilder
 

PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.02.2014, 13:17   #15
via75
 
PUP.Optional.OpenCandy gefunden - Standard

PUP.Optional.OpenCandy gefunden



sodele, hier das neue Logfile. Wurde nicht besser.
Was kann ich jetzt tun, um die nervigen Trojanern los zuwerden?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.12.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
oh :: XMP [Administrator]

Schutz: Aktiviert

18.02.2014 17:24:36
MBAM-log-2014-02-19 (14-10-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525110
Laufzeit: 17 Stunde(n), 41 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=SomotoCH&co=DE&userid=9fb35aab-4cdf-c551-eb39-8b4e7fafd20c&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 3
C:\Users\oh\AppData\Local\Temp\smartbar (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Users\oh\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\GuidCreator.dll (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Local\Temp\smartbar\Installer.exe.config (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\oh\AppData\Roaming\OpenCandy\1A5FD436EB8C4D21BAA393E16B9E4B9C\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
         

Antwort

Themen zu PUP.Optional.OpenCandy gefunden
anbei, antivirenprogramm, avast, beste, besten, candy, einsatz, entferne, erkannt, file, folder, gefunde, log, nichts, programm, pup.optional.opencandy, schlägt, vorgehen



Ähnliche Themen: PUP.Optional.OpenCandy gefunden


  1. WIN7: Fund PUP.Optional.DigitalSites.A, PUP.Optional.OpenCandy, PUP.Optional.Softonic.A, PUP.Optional.Updater.A. Weitere Vorgehensweise
    Log-Analyse und Auswertung - 08.10.2014 (11)
  2. Windows XP: Malwarebytes hat PUP.Optional.OpenCandy gefunden
    Log-Analyse und Auswertung - 28.07.2014 (3)
  3. Windows 7 - WIN32.Application.lincury.B (EngineB) & PUP.Optional.OpenCandy gefunden
    Log-Analyse und Auswertung - 18.07.2014 (20)
  4. Security.Hijack, PUP.Optional.OpenCandy, PUP.Optional.Somoto, PUP.Optional.MoviesToolBar etc gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (1)
  5. WIN 7: PUP.Optional.OpenCandy mit Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (10)
  6. PUP.Optional.OpenCandy mit Malwarebytes gefunden
    Log-Analyse und Auswertung - 09.12.2013 (9)
  7. WinXP: pup.optional.opencandy gefunden
    Log-Analyse und Auswertung - 16.10.2013 (9)
  8. PUP.Optional.OpenCandy gefunden und nun?
    Log-Analyse und Auswertung - 16.10.2013 (11)
  9. PUP.Optional.OpenCandy gefunden - weitere Aktion notwendig?
    Log-Analyse und Auswertung - 14.10.2013 (12)
  10. Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  11. 2x Windows Vista: PUP.Optional.Tarma.A PUP.Optional.OpenCandy PUP.Optional.InstallCore.A
    Mülltonne - 08.09.2013 (1)
  12. pup.optional.opencandy von Malwarebytes gefunden
    Log-Analyse und Auswertung - 28.08.2013 (4)
  13. pup.optional.opencandy von Malwarebytes gefunden
    Log-Analyse und Auswertung - 20.08.2013 (7)
  14. PUP.Optional.OpenCandy mit Malwarebytes auf Win7 (64bit) gefunden
    Log-Analyse und Auswertung - 19.08.2013 (8)
  15. PUP.optional.opencandy gefunden und Internet Verbindung blockiert
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (15)
  16. Windows 7: PUP.Optional.OpenCandy von MBAM gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (9)
  17. Windows 7: PUP.Optional.OpenCandy mit Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.08.2013 (2)

Zum Thema PUP.Optional.OpenCandy gefunden - Hallo, malewarebytes hat PUP.Optional.OpenCandy gefunden (Kategorie Folder, File). Wie sollte ich am besten vorgehen? malewarebytes schlägt mir bspw. vor "entferne Auswahl". Anbei das log File. Als Antivirenprogramm habe ich avast - PUP.Optional.OpenCandy gefunden...
Archiv
Du betrachtest: PUP.Optional.OpenCandy gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.