Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Pricora + Trojan Virus endeckt

Pricora + Trojan Virus endeckt


Plagegeister aller Art und deren Bekämpfung: Pricora + Trojan Virus endeckt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 09.09.2013, 14:51   #1
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo, ich habe mal wieder ein Problem mit meinem Laptop. (Windows 7)
Da ein Freund von mir die meisten Probleme lösen kann- jetzt aber ohne Rat ist, hat er mich zum Trojaner-Board geschickt.
Ich bin mir allerdings selbst nicht so sicher wo das Problem liegt, bzw. welche Probleme mit all dem zusammen hängen.
Folgende Probleme treten auf:
Der Laptop ist mittlerweile langsamer auch generell beim öffnen oder Laden von Webseiten.
Er friert auch oft ein, und dort steht dann (Keine Rückmeldung).
Allerdings habe ich auch bei google.de zB. eine codierung dahinter, die sich immer ändert und zB. so aussieht: hxxp://s7.directupload.net/file/d/3375/eudhvmpq_jpg.htm

Das ist ja alles nicht weiterhin "schlimm". Doch ich habe dann mal Malwarebytes laufen lassen.
Und Malwarebytes hat 11 Probleme gefunden. Die sahen so aus: hxxp://s1.directupload.net/file/d/3375/wjmmlsck_jpg.htm

Daraufhin habe ich aber schon auf "entfernen" geklickt.
Beim Neustart und erneutem Malwarebytes-scan wurde nichts mehr gefunden.
Combofix habe ich danach auch laufen lassen. Was auch nichts beigetragen hat.

Der Höhepunkt kommt aber, als ich bei Mozilla Firefox bei Addons -> Plugins nachgeschaut habe, und ein unbekanntes "Pricora" gefunden habe. Daraufhin habe ich dies deaktiviert und entfernt.
Danach habe ich das Pricora Inc. Programm auch nochmal bei Systemsteuerung -> "Programme deinstallieren" gefunden, und dementsprechend deinstalliert.

Aber diese Schritte reichen doch nicht um einen solchen Virus zu entfernen oder?
Bei mir lässt sich nirgendswo mehr das Wort "Pricora" lesen. Aber ich denke nicht, dass es weg ist. Denn alle Symptome sind noch vorhanden. Und wie ich gelesen habe, kann es bei dem besagten Virus auch noch schlimmer werden als der Zustand in dem es jetzt ist.

Vielleicht hängt das auch alles gar nicht zusammen, aber ich bin völlig Ratlos.
Ich hoffe jemand hat schnell eine Antwort.

Gruß, Giacomo

Alt 09.09.2013, 15:24   #2
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo Giacomo,

das Pricora-Zeugs scheint nur Crossrider (also Adware) zu sein.
Aber lass uns mal reinschauen:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 09.09.2013, 16:06   #3
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


ok, habe ich gemacht.
hier ist die FRST Datei:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by Nicolai (administrator) on NICOLAI-PC on 09-09-2013 16:54:41
Running from C:\Users\Nicolai\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Max Secure Software) C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxScanner.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [SDAutoScan] - 
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [2213920 2012-07-18] (Max Secure Software)
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [564256 2012-07-18] (Max Secure Software)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
Startup: C:\Users\Nicolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nicolai\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nicolai\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 MaxMerger; C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe [1941536 2012-07-18] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [798240 2012-07-18] (Max Secure Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-21] (DT Soft Ltd)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [71712 2012-07-18] (Max Secure Software)
R0 MaxProc64; C:\Windows\System32\drivers\MaxProc64.sys [64544 2012-07-18] (Max Secure Software)
R0 MaxProtector64; C:\Windows\System32\drivers\MaxProtector64.sys [76832 2012-07-18] (Max Secure Software)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [119328 2012-07-18] (Max Secure Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 16:53 - 2013-09-09 16:54 - 01948948 _____ (Farbar) C:\Users\Nicolai\Downloads\FRST64.exe
2013-09-09 16:29 - 2013-09-09 16:29 - 00000056 _____ C:\Windows\setupact.log
2013-09-09 16:29 - 2013-09-09 16:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 23:56 - 2013-09-08 23:56 - 00003148 _____ C:\Windows\System32\Tasks\{256D6E74-5E2F-4335-B18D-0BF999EC6EB7}
2013-09-08 23:38 - 2013-09-09 15:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 23:38 - 2013-09-08 23:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-08 23:38 - 2013-09-08 23:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-08 23:38 - 2013-09-08 23:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-08 23:06 - 2013-09-08 23:06 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 22:56 - 2013-09-08 22:56 - 00008035 _____ C:\Users\Nicolai\Desktop\bookmarks-2013-09-08.json
2013-09-08 21:45 - 2013-09-08 21:45 - 00020294 _____ C:\ComboFix.txt
2013-09-08 21:24 - 2013-09-08 21:45 - 00000000 ____D C:\ComboFix
2013-09-08 21:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-08 21:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-08 21:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-08 21:22 - 2013-09-09 16:33 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
2013-09-08 21:22 - 2013-09-08 21:45 - 00000000 ____D C:\Qoobox
2013-09-08 21:22 - 2013-09-08 21:43 - 00000000 ____D C:\Windows\erdnt
2013-09-08 21:20 - 2013-09-08 21:21 - 05124111 ____R (Swearware) C:\Users\Nicolai\Desktop\ComboFix.exe
2013-09-08 21:19 - 2013-09-08 21:19 - 00392016 _____ (Softonic                                        ) C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe
2013-09-08 10:28 - 2013-09-08 10:28 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-08 10:28 - 2013-09-08 10:28 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-08 10:28 - 2013-09-08 10:28 - 00000000 ____D C:\Program Files\CCleaner
2013-09-08 10:23 - 2013-09-08 10:24 - 03415256 _____ (Piriform Ltd) C:\Users\Nicolai\Downloads\ccsetup405_slim_4.05.exe
2013-09-06 14:59 - 2013-09-06 14:59 - 96334488 _____ C:\Windows\SysWOW64\䱤鄔=
2013-09-04 17:25 - 2013-09-04 17:25 - 95863165 _____ C:\Windows\SysWOW64\崮큞‡
2013-09-02 21:47 - 2013-09-02 21:47 - 95286781 _____ C:\Windows\SysWOW64\ᷧ
2013-08-31 02:49 - 2013-08-31 02:49 - 00000040 _____ C:\Windows\system32\싰Ã
2013-08-27 23:38 - 2013-08-27 23:38 - 00000040 _____ C:\Windows\system32\싰Ñ
2013-08-27 17:34 - 2013-08-27 17:34 - 00000040 _____ C:\Windows\system32\싰»
2013-08-26 15:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-08-26 15:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-08-26 15:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-08-26 15:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-08-20 22:35 - 2013-08-20 23:01 - 00020740 _____ C:\Users\Nicolai\Documents\Uroiforstaderne.odt
2013-08-20 18:19 - 2013-08-20 18:19 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-20 18:18 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iPod
2013-08-18 16:11 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 16:00 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:00 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:00 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:00 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:00 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:00 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 16:00 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 16:00 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 16:00 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:00 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 16:00 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:00 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:00 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:00 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:00 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:00 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:00 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-15 16:00 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 16:00 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-15 16:00 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:00 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:00 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 14:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 14:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 14:59 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 14:59 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 14:59 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 14:59 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 14:59 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 14:59 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 14:59 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 14:59 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 14:59 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 14:59 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 14:59 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 14:59 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 14:59 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 14:59 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 14:59 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 14:59 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 16:54 - 2013-09-09 16:54 - 00000000 ____D C:\FRST
2013-09-09 16:54 - 2013-09-09 16:53 - 01948948 _____ (Farbar) C:\Users\Nicolai\Downloads\FRST64.exe
2013-09-09 16:54 - 2012-10-16 04:50 - 01234060 __RSH C:\SdHeuristic.txt
2013-09-09 16:39 - 2012-08-20 21:35 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 16:37 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-09 16:37 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-09 16:34 - 2012-08-20 13:26 - 00000000 ____D C:\ProgramData\clear.fi
2013-09-09 16:33 - 2013-09-08 21:22 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
2013-09-09 16:33 - 2012-08-20 21:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 16:33 - 2012-01-31 09:41 - 01107113 _____ C:\Windows\WindowsUpdate.log
2013-09-09 16:29 - 2013-09-09 16:29 - 00000056 _____ C:\Windows\setupact.log
2013-09-09 16:29 - 2013-09-09 16:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-09 16:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 16:15 - 2013-07-29 02:39 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 16:15 - 2012-08-21 22:05 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\DAEMON Tools Lite
2013-09-09 15:59 - 2013-09-08 23:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 15:19 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-09-09 15:15 - 2013-03-26 23:55 - 00000000 ____D C:\Windows\Minidump
2013-09-08 23:56 - 2013-09-08 23:56 - 00003148 _____ C:\Windows\System32\Tasks\{256D6E74-5E2F-4335-B18D-0BF999EC6EB7}
2013-09-08 23:41 - 2012-08-22 12:09 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Adobe
2013-09-08 23:39 - 2012-12-29 00:34 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000UA.job
2013-09-08 23:38 - 2013-09-08 23:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-08 23:38 - 2013-09-08 23:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-08 23:38 - 2013-09-08 23:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-08 23:06 - 2013-09-08 23:06 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 23:06 - 2013-08-18 16:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-08 23:06 - 2012-08-20 21:35 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Google
2013-09-08 23:06 - 2012-08-20 21:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 22:56 - 2013-09-08 22:56 - 00008035 _____ C:\Users\Nicolai\Desktop\bookmarks-2013-09-08.json
2013-09-08 21:45 - 2013-09-08 21:45 - 00020294 _____ C:\ComboFix.txt
2013-09-08 21:45 - 2013-09-08 21:24 - 00000000 ____D C:\ComboFix
2013-09-08 21:45 - 2013-09-08 21:22 - 00000000 ____D C:\Qoobox
2013-09-08 21:45 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-08 21:43 - 2013-09-08 21:22 - 00000000 ____D C:\Windows\erdnt
2013-09-08 21:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-08 21:21 - 2013-09-08 21:20 - 05124111 ____R (Swearware) C:\Users\Nicolai\Desktop\ComboFix.exe
2013-09-08 21:19 - 2013-09-08 21:19 - 00392016 _____ (Softonic                                        ) C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe
2013-09-08 12:25 - 2013-05-20 07:15 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\Spotify
2013-09-08 10:28 - 2013-09-08 10:28 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-08 10:28 - 2013-09-08 10:28 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-08 10:28 - 2013-09-08 10:28 - 00000000 ____D C:\Program Files\CCleaner
2013-09-08 10:24 - 2013-09-08 10:23 - 03415256 _____ (Piriform Ltd) C:\Users\Nicolai\Downloads\ccsetup405_slim_4.05.exe
2013-09-06 16:45 - 2012-10-15 22:41 - 00000000 ____D C:\Program Files\Max Spyware Detector
2013-09-06 14:59 - 2013-09-06 14:59 - 96334488 _____ C:\Windows\SysWOW64\䱤鄔=
2013-09-04 17:39 - 2012-12-29 00:34 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000Core.job
2013-09-04 17:25 - 2013-09-04 17:25 - 95863165 _____ C:\Windows\SysWOW64\崮큞‡
2013-09-03 18:22 - 2013-05-20 07:16 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Spotify
2013-09-02 21:47 - 2013-09-02 21:47 - 95286781 _____ C:\Windows\SysWOW64\ᷧ
2013-09-02 14:50 - 2013-08-05 21:33 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-02 14:50 - 2013-08-05 21:31 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-02 14:50 - 2013-08-05 21:31 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 18:38 - 2012-08-20 13:04 - 00000000 ____D C:\Users\Nicolai
2013-08-31 02:49 - 2013-08-31 02:49 - 00000040 _____ C:\Windows\system32\싰Ã
2013-08-29 19:22 - 2012-08-21 21:46 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\vlc
2013-08-27 23:38 - 2013-08-27 23:38 - 00000040 _____ C:\Windows\system32\싰Ñ
2013-08-27 17:34 - 2013-08-27 17:34 - 00000040 _____ C:\Windows\system32\싰»
2013-08-26 20:31 - 2013-07-17 04:10 - 00000000 ____D C:\Users\Nicolai\Documents\My Games
2013-08-26 15:22 - 2012-01-31 18:32 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-26 15:22 - 2012-01-31 18:32 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-26 15:22 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 23:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 23:01 - 2013-08-20 22:35 - 00020740 _____ C:\Users\Nicolai\Documents\Uroiforstaderne.odt
2013-08-20 18:19 - 2013-08-20 18:19 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-20 18:18 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iPod
2013-08-15 16:07 - 2013-07-17 16:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:03 - 2012-10-15 05:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-08 22:03

==================== End Of Log ============================
--- --- ---


und hier die Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013
Ran by Nicolai at 2013-09-09 16:56:17
Running from C:\Users\Nicolai\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Acer Backup Manager (x32 Version: 3.0.0.99)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00)
Acer ePower Management (x32 Version: 6.00.3008)
Acer eRecovery Management (x32 Version: 5.00.3504)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3504)
Acer ScreenSaver (x32 Version: 1.1.0913.2011)
Acer Updater (x32 Version: 1.02.3502)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.10)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Backup Manager V3 (x32 Version: 3.0.0.99)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.0.765.0)
Bonjour (Version: 3.0.0.10)
Borderlands 2 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1013.754.12275)
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.754.12275)
Catalyst Control Center Localization All (x32 Version: 2011.1013.754.12275)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.754.12275)
CCC Help Chinese Standard (x32 Version: 2011.1013.0753.12275)
CCC Help Chinese Traditional (x32 Version: 2011.1013.0753.12275)
CCC Help Czech (x32 Version: 2011.1013.0753.12275)
CCC Help Danish (x32 Version: 2011.1013.0753.12275)
CCC Help Dutch (x32 Version: 2011.1013.0753.12275)
CCC Help English (x32 Version: 2011.1013.0753.12275)
CCC Help Finnish (x32 Version: 2011.1013.0753.12275)
CCC Help French (x32 Version: 2011.1013.0753.12275)
CCC Help German (x32 Version: 2011.1013.0753.12275)
CCC Help Greek (x32 Version: 2011.1013.0753.12275)
CCC Help Hungarian (x32 Version: 2011.1013.0753.12275)
CCC Help Italian (x32 Version: 2011.1013.0753.12275)
CCC Help Japanese (x32 Version: 2011.1013.0753.12275)
CCC Help Korean (x32 Version: 2011.1013.0753.12275)
CCC Help Norwegian (x32 Version: 2011.1013.0753.12275)
CCC Help Polish (x32 Version: 2011.1013.0753.12275)
CCC Help Portuguese (x32 Version: 2011.1013.0753.12275)
CCC Help Russian (x32 Version: 2011.1013.0753.12275)
CCC Help Spanish (x32 Version: 2011.1013.0753.12275)
CCC Help Swedish (x32 Version: 2011.1013.0753.12275)
CCC Help Thai (x32 Version: 2011.1013.0753.12275)
CCC Help Turkish (x32 Version: 2011.1013.0753.12275)
ccc-utility64 (Version: 2011.1013.754.12275)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.2024.00)
clear.fi (x32 Version: 9.0.8026)
clear.fi Client (x32 Version: 1.00.3500)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0314)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7)
eaner (Version: 4.05)
eBay Worldwide (x32 Version: 2.2.0409)
ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0)
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
FL Studio 10 (x32)
Fooz Kids (x32 Version: 3.0.8)
Fooz Kids Platform (x32 Version: 2.1)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto IV (x32 Version: 1.00.0000)
Identity Card (x32 Version: 1.00.3501)
IL Download Manager (x32)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 11.0.5.5)
Jewel Match 3 (x32 Version: 2.2.0.97)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManiaPlanet (x32)
Max Spyware Detector (Version: 19.0.2.043)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.672.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (x32 Version: 4.0.14.27)
MyWinLocker Suite (x32 Version: 4.0.14.19)
newsXpresso (x32 Version: 1.0.0.40)
Norton Online Backup (x32 Version: 2.1.17869)
NTI Media Maker 9 (x32 Version: 9.0.2.9002)
ooVoo (x32 Version: 3.5.7047)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Penguins! (x32 Version: 2.2.0.95)
PhotoScape (x32)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.97)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PX Profile Update (x32 Version: 1.00.1.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Rockstar Games Social Club (x32 Version: 1.00.0000)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 6.3 (x32 Version: 6.3.107)
Slingo Deluxe (x32 Version: 2.2.0.95)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Steam (x32 Version: 1.0.0.0)
TmNationsForever (x32)
Torchlight (x32 Version: 2.2.0.97)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97)
VLC media player 2.0.2 (Version: 2.0.2)
Wedding Dash (x32 Version: 2.2.0.95)
Welcome Center (x32 Version: 1.02.3504)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
YouTube Downloader 2.5.7 (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

26-08-2013 13:14:38 Microsoft Visual C++ 2005 Redistributable wird installiert
26-08-2013 13:17:00 Microsoft Visual C++ 2005 Redistributable wird installiert
26-08-2013 13:18:07 DirectX wurde installiert
26-08-2013 13:19:06 Windows Update
30-08-2013 12:13:51 Windows Update
03-09-2013 16:29:04 Windows Update
08-09-2013 19:25:07 ComboFix created restore point
08-09-2013 20:58:08 Removed Java 7 Update 25
08-09-2013 20:58:57 JavaFX 2.1.1 wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {09CF9D42-48BA-4019-9204-E127AB032927} - System32\Tasks\{0EFAB9E3-8E64-4564-968D-193A40C3499F} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {0BB55024-F831-4DCD-8AA4-DA0837A359C4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000Core => C:\Users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-29] (Facebook Inc.)
Task: {0D5E2AB3-782E-4B8E-9369-B30A5DD495F4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {1A1C049C-A1C8-47BE-B8DD-CAC2B9852A0A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1B177B28-9099-443F-B098-768C182FF11A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {27F4A32F-4F08-4DD3-9A99-C2B4DCBFAAE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {320EE91B-468C-4874-8A97-9EF108AFF17A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {325AC5E2-86BA-4B0E-88D1-D444B7F9B6AD} - System32\Tasks\{438CC97D-7BDE-4A70-A933-3E007B3BEA58} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {43046A4E-AB63-4B80-ACD3-CB8358BE60A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-08] (Adobe Systems Incorporated)
Task: {4C752F65-ACC6-4104-83E3-6F7DC53588F6} - System32\Tasks\{1CDCAFE4-1A10-4385-979A-D6DF3B14DCAE} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {58DF5254-00C0-4D6A-BB8F-A62C49DA7FB4} - System32\Tasks\{C7B98A00-33D7-4939-877D-328B690F4CB8} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {61EA98C9-802D-4301-86AA-383EC467DB44} - System32\Tasks\{47D1DC80-E238-49B2-819F-2CCDF09501BE} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {6A5B05A0-F828-42E9-AADF-5848073159AE} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {6AE8A2E2-3147-4970-8D06-D562FF5F7E2E} - System32\Tasks\{9D983446-85F5-4CC5-BB24-CC6E1BF76A2E} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {820E1DC3-0829-44C7-9F42-67B8AA705F06} - System32\Tasks\{3C96B392-6874-488B-81AA-C7EFFEF7D024} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {86724022-D7DB-452B-9200-41447FE4581A} - System32\Tasks\{6232A3EE-AE27-4F4D-BC8E-015F0E126290} => C:\Program Files\aom titans\aomx_nocd.exe [2003-11-26] ()
Task: {A5B18C35-1A0A-4544-AD12-491C98414EA9} - System32\Tasks\Pricora 6.1-firefoxinstaller => C:\Program Files (x86)\Pricora 6.1\Pricora 6.1-firefoxinstaller.exe
Task: {CE6C5B87-9E86-4417-934A-982F75BD4414} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000UA => C:\Users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-29] (Facebook Inc.)
Task: {D77DD35C-A0E4-4404-824A-E9AFF38774BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {DF4E905B-AAF8-4468-A829-AA166AA834CB} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {EFEAEB44-C03F-4B7F-97F9-D552FC1CA4A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000Core.job => C:\Users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000UA.job => C:\Users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job => C:\Program Files (x86)\Pricora 6.1\Pricora 6.1-firefoxinstaller.exe

==================== Loaded Modules (whitelisted) =============

2012-01-31 10:14 - 2011-08-02 13:00 - 00272488 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\SysHook.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-08-27 00:25 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-10-15 22:41 - 2012-07-18 21:24 - 00281632 _____ () C:\Program Files\Max Spyware Detector\MaxSDShellExt.dll
2011-10-20 11:00 - 2011-08-09 01:54 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2011-10-20 11:00 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-20 11:01 - 2010-11-12 08:23 - 00351016 _____ (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDFavorite.dll
2011-10-20 11:01 - 2010-11-12 08:23 - 00335144 _____ (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDApix.dll
2011-10-20 11:01 - 2010-11-12 08:23 - 00369960 _____ (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCmds.dll
2012-01-31 09:54 - 2011-05-02 08:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2012-01-31 09:54 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2012-01-31 09:54 - 2011-08-16 08:43 - 03200104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2012-01-31 10:14 - 2011-08-02 13:00 - 00219240 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\BrightnessControl.dll
2012-01-31 10:14 - 2011-08-02 13:00 - 00217704 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\PowerSettingControl.dll
2012-01-31 10:14 - 2011-08-02 13:00 - 00217192 _____ (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\CommonControl.dll
2012-10-15 22:41 - 2012-07-18 21:21 - 04938784 _____ (Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDResourceDll.dll
2011-06-01 11:31 - 2011-06-01 11:31 - 01070936 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4c.dll
2011-06-01 11:32 - 2011-06-01 11:32 - 00034136 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\Dolby.Interop.dll
2011-06-01 11:31 - 2011-06-01 11:31 - 00030040 _____ (Dolby Laboratories Inc.) C:\Dolby PCEE4\de\pcee4c.resources.dll
2011-10-20 11:01 - 2011-07-01 04:51 - 00818768 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDUtl.dll
2011-10-13 08:49 - 2011-10-13 08:49 - 00294912 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-10-13 08:49 - 2011-10-13 08:49 - 00180224 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 14:51 - 2009-01-20 14:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-10-13 08:53 - 2011-10-13 08:53 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-10-13 08:52 - 2011-10-13 08:52 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-17 03:52 - 2010-11-17 03:52 - 00096904 _____ (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
2011-10-20 11:01 - 2009-07-20 09:12 - 00137736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\ComFnUtl.dll
2011-10-20 11:01 - 2009-07-14 08:53 - 00128008 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\CDRomUtl.dll
2011-10-20 11:01 - 2009-07-27 06:42 - 00062472 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MixerUtl.dll
2011-10-20 11:01 - 2009-07-27 06:47 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\Wnd2File.dll
2011-10-20 11:01 - 2009-07-27 12:43 - 00068104 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\PowerUtl.dll
2011-10-20 11:01 - 2009-12-30 11:13 - 00326736 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\OSDUtl2.dll
2011-10-20 11:01 - 2009-07-27 06:38 - 00088584 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\SzUPFUtl.dll
2011-10-20 11:01 - 2011-06-30 09:01 - 00431696 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\RadioWndUtl.dll
2011-10-20 11:01 - 2011-07-01 04:51 - 00393808 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\aipflib.dll
2011-10-20 11:01 - 2010-11-03 11:00 - 00092240 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LmSmbKel.dll
2011-10-20 11:01 - 2009-07-03 10:29 - 00147464 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\VistaVol.DLL
2013-08-05 21:31 - 2013-09-02 14:47 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00029240 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
2013-08-05 21:31 - 2013-09-02 14:49 - 00014392 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2011-10-20 11:01 - 2011-03-14 13:44 - 00075856 _____ (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\NTKCUtl.dll
2011-08-24 19:03 - 2011-08-24 19:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-08 23:06 - 2013-09-02 22:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013 04:31:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 02:56:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:37:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2013 11:27:21 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1448

Startzeit: 01ceacda0c1b1fc7

Endzeit: 12

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 6fe2f6dc-18cd-11e3-8841-dc0ea11dd7a0

Error: (09/08/2013 11:26:05 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b48

Startzeit: 01ceacd8deb1968e

Endzeit: 51661

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 14e01f54-18cd-11e3-8841-dc0ea11dd7a0

Error: (09/08/2013 11:15:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2013 09:19:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2013 09:19:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2013 09:19:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2013 09:17:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/08/2013 10:44:04 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/08/2013 09:42:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/08/2013 09:33:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/08/2013 09:13:08 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (09/09/2013 04:31:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 02:56:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:37:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2013 11:27:21 PM) (Source: Application Hang)(User: )
Description: firefox.exe23.0.1.4974144801ceacda0c1b1fc712C:\Program Files (x86)\Mozilla Firefox\firefox.exe6fe2f6dc-18cd-11e3-8841-dc0ea11dd7a0

Error: (09/08/2013 11:26:05 PM) (Source: Application Hang)(User: )
Description: firefox.exe23.0.1.4974b4801ceacd8deb1968e51661C:\Program Files (x86)\Mozilla Firefox\firefox.exe14e01f54-18cd-11e3-8841-dc0ea11dd7a0

Error: (09/08/2013 11:15:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/08/2013 09:19:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe

Error: (09/08/2013 09:19:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe

Error: (09/08/2013 09:19:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe

Error: (09/08/2013 09:17:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3947.86 MB
Available physical RAM: 1776.63 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5215.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:281.99 GB) (Free:59.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9E89B2D6)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Vielen Dank schonmal!
__________________
Alt 09.09.2013, 16:11   #4
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Poste bitte noch das Combofix-Log, welches unter C:\ComboFix.txt liegt.
(Combofix ist im Übrigen nicht ein Tool, welches man einfach so mal auf eigene Faust starten sollte!)
__________________
cheers,
Leo

Alt 09.09.2013, 16:15   #5
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Combofix:
Code:
ATTFilter
ComboFix 13-09-08.02 - Nicolai 08.09.2013  21:27:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2302 [GMT 2:00]
ausgeführt von:: c:\users\Nicolai\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-08 bis 2013-09-08  ))))))))))))))))))))))))))))))
.
.
2013-09-08 19:41 . 2013-09-08 19:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-08 19:22 . 2013-09-08 19:22	--------	d-----w-	c:\program files (x86)\Pricora 6.1
2013-09-08 08:28 . 2013-09-08 08:28	--------	d-----w-	c:\program files\CCleaner
2013-09-06 13:04 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5B3D343-3C2A-49A4-AA4F-8B38A5335EBF}\mpengine.dll
2013-08-26 13:21 . 2013-08-26 13:21	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-08-26 13:18 . 2010-06-02 02:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-08-26 13:18 . 2010-06-02 02:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-08-26 13:18 . 2010-05-26 09:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2013-08-26 13:18 . 2010-02-04 08:01	22360	----a-w-	c:\windows\SysWow64\X3DAudio1_7.dll
2013-08-20 16:18 . 2013-08-20 16:19	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 16:18 . 2013-08-20 16:19	--------	d-----w-	c:\program files\iTunes
2013-08-20 16:18 . 2013-08-20 16:19	--------	d-----w-	c:\program files (x86)\iTunes
2013-08-20 16:18 . 2013-08-20 16:18	--------	d-----w-	c:\program files\iPod
2013-08-14 12:59 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-02 12:50 . 2013-08-05 19:33	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-02 12:50 . 2013-08-05 19:31	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-02 12:50 . 2013-08-05 19:31	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-21 16:17 . 2012-08-20 11:50	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 16:17 . 2011-10-20 09:22	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-15 14:03 . 2012-10-15 03:43	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-08-05 15:06 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-05 12:33 . 2013-08-05 19:31	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-07-09 04:45 . 2013-08-14 12:59	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-28 15:26 . 2013-06-28 15:26	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-28 15:26 . 2012-08-20 23:36	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-28 15:26 . 2012-08-20 23:36	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-01 14:42	1527432	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-01 1527432]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-01 1719944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-02 347192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Nicolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 MaxMgr;MaxMgr;c:\windows\System32\drivers\MaxMgr.sys;c:\windows\SYSNATIVE\drivers\MaxMgr.sys [x]
S0 MaxProc64;MaxProc64;c:\windows\System32\drivers\MaxProc64.sys;c:\windows\SYSNATIVE\drivers\MaxProc64.sys [x]
S0 MaxProtector64;MaxProtector64;c:\windows\System32\drivers\MaxProtector64.sys;c:\windows\SYSNATIVE\drivers\MaxProtector64.sys [x]
S0 SDActMon;SDActMon;c:\windows\System32\drivers\SDActMon.sys;c:\windows\SYSNATIVE\drivers\SDActMon.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MaxMerger;MaxMerger;c:\program files (x86)\Max Spyware Detector\MaxMerger.exe;c:\program files (x86)\Max Spyware Detector\MaxMerger.exe [x]
S2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 16:17]
.
2013-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000Core.job
- c:\users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-28 22:33]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000UA.job
- c:\users\Nicolai\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-28 22:33]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 19:35]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20 19:35]
.
2013-09-08 c:\windows\Tasks\Pricora 6.1-firefoxinstaller.job
- c:\program files (x86)\Pricora 6.1\Pricora 6.1-firefoxinstaller.exe [2013-09-08 19:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2012-07-18 2213920]
"MaxUSBProc"="c:\program files\Max Spyware Detector\MaxUSBProc.exe" [2012-07-18 564256]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SDAutoScan - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1715122003-4205877537-1423981677-1000\Software\SecuROM\License information*]
"datasecu"=hex:eb,5e,5c,4a,d4,f9,bb,5d,b6,d0,aa,af,6f,ed,13,06,90,6d,01,b9,c9,
   2e,de,ee,e5,e4,09,af,70,17,86,9c,52,7d,e5,9c,ab,97,35,5c,91,17,88,c4,7c,d0,\
"rkeysecu"=hex:80,af,e0,80,ba,ac,23,4a,e1,e7,aa,51,37,e3,f8,dd
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-08  21:45:08
ComboFix-quarantined-files.txt  2013-09-08 19:45
.
Vor Suchlauf: 8 Verzeichnis(se), 63.383.293.952 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 64.005.177.344 Bytes frei
.
- - End Of File - - CCB9AC2C991B7AA7C0035E8B7736D72A
Combofix wurde mir halt von dem Freund vorgeschlagen mal laufen zu lassen.


Alt 09.09.2013, 20:35   #6
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Ok.


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
--> Pricora + Trojan Virus endeckt

Alt 12.09.2013, 14:47   #7
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


tut mir leid, aber ich hatte erst jetzt wieder Zeit dafür.

Schritt 1

Hier ist der Adware Log:

Code:
ATTFilter
# AdwCleaner v3.003 - Bericht erstellt am 12/09/2013 um 15:36:51
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nicolai - NICOLAI-PC
# Gestartet von : C:\Users\Nicolai\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Nicolai\AppData\Local\Max Secure Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_combofix_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "140ff705322cd78ccc753bbf90b78902");

-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2286 octets] - [12/09/2013 15:35:18]
AdwCleaner[S0].txt - [2158 octets] - [12/09/2013 15:36:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2218 octets] ##########
Schritt 2

Hier ist der neueste FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by Nicolai (administrator) on NICOLAI-PC on 12-09-2013 15:44:40
Running from C:\Users\Nicolai\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Max Secure Software) C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Nicolai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Nicolai\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [SDAutoScan] - [x]
HKLM\...\Run: [SDActiveMonitor] - C:\Program Files\Max Spyware Detector\MaxSDTray.exe [2213920 2012-07-18] (Max Secure Software)
HKLM\...\Run: [MaxUSBProc] - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [564256 2012-07-18] (Max Secure Software)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Nicolai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-04] (Spotify Ltd)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
Startup: C:\Users\Nicolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nicolai\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Nicolai\AppData\Roaming\Mozilla\Firefox\Profiles\xqby0uva.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nicolai\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Nicolai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 MaxMerger; C:\Program Files (x86)\Max Spyware Detector\MaxMerger.exe [1941536 2012-07-18] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [798240 2012-07-18] (Max Secure Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-21] (DT Soft Ltd)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [71712 2012-07-18] (Max Secure Software)
R0 MaxProc64; C:\Windows\System32\drivers\MaxProc64.sys [64544 2012-07-18] (Max Secure Software)
R0 MaxProtector64; C:\Windows\System32\drivers\MaxProtector64.sys [76832 2012-07-18] (Max Secure Software)
R0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [119328 2012-07-18] (Max Secure Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 15:15 - 2013-09-12 15:37 - 00000000 ____D C:\AdwCleaner
2013-09-12 15:11 - 2013-09-12 15:11 - 01037278 _____ C:\Users\Nicolai\Desktop\adwcleaner.exe
2013-09-11 22:35 - 2013-09-11 22:39 - 00000000 ____D C:\Users\Nicolai\Downloads\A Toast to Tommy
2013-09-11 20:33 - 2013-09-11 20:33 - 97170353 _____ C:\Windows\SysWOW64\Ῥ⻱C
2013-09-10 23:41 - 2013-09-11 00:07 - 187573062 _____ C:\Users\Nicolai\Downloads\The_Golden_Age-(DatPiff.com).zip
2013-09-10 23:41 - 2013-09-10 23:48 - 63640168 _____ C:\Users\Nicolai\Downloads\Soul_Searchin_the_Next_Level-(DatPiff.com).zip
2013-09-09 16:56 - 2013-09-09 17:00 - 00036910 _____ C:\Users\Nicolai\Desktop\FRST.txt
2013-09-09 16:56 - 2013-09-09 16:56 - 00037934 _____ C:\Users\Nicolai\Desktop\Addition.txt
2013-09-09 16:54 - 2013-09-09 16:54 - 00000000 ____D C:\FRST
2013-09-09 16:29 - 2013-09-12 15:38 - 00000336 _____ C:\Windows\setupact.log
2013-09-09 16:29 - 2013-09-09 16:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 23:56 - 2013-09-08 23:56 - 00003148 _____ C:\Windows\System32\Tasks\{256D6E74-5E2F-4335-B18D-0BF999EC6EB7}
2013-09-08 23:38 - 2013-09-11 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 23:38 - 2013-09-11 21:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-08 23:38 - 2013-09-11 21:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-08 23:38 - 2013-09-11 21:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-08 23:06 - 2013-09-08 23:06 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 22:56 - 2013-09-08 22:56 - 00008035 _____ C:\Users\Nicolai\Desktop\bookmarks-2013-09-08.json
2013-09-08 21:45 - 2013-09-08 21:45 - 00020294 _____ C:\ComboFix.txt
2013-09-08 21:24 - 2013-09-08 21:45 - 00000000 ____D C:\ComboFix
2013-09-08 21:24 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-08 21:24 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-08 21:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-08 21:24 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-08 21:22 - 2013-09-12 15:38 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
2013-09-08 21:22 - 2013-09-08 21:45 - 00000000 ____D C:\Qoobox
2013-09-08 21:22 - 2013-09-08 21:43 - 00000000 ____D C:\Windows\erdnt
2013-09-08 21:20 - 2013-09-08 21:21 - 05124111 ____R (Swearware) C:\Users\Nicolai\Desktop\ComboFix.exe
2013-09-08 21:19 - 2013-09-08 21:19 - 00392016 _____ (Softonic                                        ) C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe
2013-09-08 10:28 - 2013-09-08 10:28 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-08 10:28 - 2013-09-08 10:28 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-08 10:28 - 2013-09-08 10:28 - 00000000 ____D C:\Program Files\CCleaner
2013-09-08 10:23 - 2013-09-08 10:24 - 03415256 _____ (Piriform Ltd) C:\Users\Nicolai\Downloads\ccsetup405_slim_4.05.exe
2013-09-06 14:59 - 2013-09-06 14:59 - 96334488 _____ C:\Windows\SysWOW64\䱤鄔=
2013-09-04 17:25 - 2013-09-04 17:25 - 95863165 _____ C:\Windows\SysWOW64\崮큞‡
2013-09-02 21:47 - 2013-09-02 21:47 - 95286781 _____ C:\Windows\SysWOW64\ᷧ
2013-08-31 02:49 - 2013-08-31 02:49 - 00000040 _____ C:\Windows\system32\싰Ã
2013-08-27 23:38 - 2013-08-27 23:38 - 00000040 _____ C:\Windows\system32\싰Ñ
2013-08-27 17:34 - 2013-08-27 17:34 - 00000040 _____ C:\Windows\system32\싰»
2013-08-26 15:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-08-26 15:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-08-26 15:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-08-26 15:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-08-20 22:35 - 2013-08-20 23:01 - 00020740 _____ C:\Users\Nicolai\Documents\Uroiforstaderne.odt
2013-08-20 18:19 - 2013-08-20 18:19 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:18 - 2013-08-20 18:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-20 18:18 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iPod
2013-08-18 16:11 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 16:00 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 16:00 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 16:00 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 16:00 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 16:00 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 16:00 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 16:00 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 16:00 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 16:00 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 16:00 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 16:00 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-15 16:00 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 16:00 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 16:00 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 16:00 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 16:00 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 16:00 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 16:00 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-15 16:00 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-15 16:00 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-15 16:00 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-15 16:00 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 16:00 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 16:00 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-14 14:59 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 14:59 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 14:59 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 14:59 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 14:59 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 14:59 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 14:59 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 14:59 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 14:59 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 14:59 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 14:59 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 14:59 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 14:59 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 14:59 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 14:59 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 14:59 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 14:59 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 14:59 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 14:59 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 14:59 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 14:59 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-12 15:43 - 2013-09-12 15:42 - 01949642 _____ (Farbar) C:\Users\Nicolai\Desktop\FRST64.exe
2013-09-12 15:39 - 2012-08-20 21:35 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 15:39 - 2012-08-20 13:26 - 00000000 ____D C:\ProgramData\clear.fi
2013-09-12 15:38 - 2013-09-09 16:29 - 00000336 _____ C:\Windows\setupact.log
2013-09-12 15:38 - 2013-09-08 21:22 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
2013-09-12 15:38 - 2012-08-20 21:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 15:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 15:37 - 2013-09-12 15:15 - 00000000 ____D C:\AdwCleaner
2013-09-12 15:37 - 2012-01-31 09:41 - 01234125 _____ C:\Windows\WindowsUpdate.log
2013-09-12 15:32 - 2012-10-16 04:50 - 01244342 __RSH C:\SdHeuristic.txt
2013-09-12 15:23 - 2013-05-20 07:15 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\Spotify
2013-09-12 15:11 - 2013-09-12 15:11 - 01037278 _____ C:\Users\Nicolai\Desktop\adwcleaner.exe
2013-09-12 15:08 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 15:08 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 22:59 - 2013-09-08 23:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 22:39 - 2013-09-11 22:35 - 00000000 ____D C:\Users\Nicolai\Downloads\A Toast to Tommy
2013-09-11 21:08 - 2013-05-20 07:16 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Spotify
2013-09-11 21:00 - 2013-09-08 23:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 21:00 - 2013-09-08 23:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 21:00 - 2013-09-08 23:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 20:39 - 2012-12-29 00:34 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000UA.job
2013-09-11 20:33 - 2013-09-11 20:33 - 97170353 _____ C:\Windows\SysWOW64\Ῥ⻱C
2013-09-11 00:09 - 2012-10-15 22:41 - 00000000 ____D C:\Program Files\Max Spyware Detector
2013-09-11 00:07 - 2013-09-10 23:41 - 187573062 _____ C:\Users\Nicolai\Downloads\The_Golden_Age-(DatPiff.com).zip
2013-09-10 23:48 - 2013-09-10 23:41 - 63640168 _____ C:\Users\Nicolai\Downloads\Soul_Searchin_the_Next_Level-(DatPiff.com).zip
2013-09-10 17:39 - 2012-12-29 00:34 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715122003-4205877537-1423981677-1000Core.job
2013-09-09 17:00 - 2013-09-09 16:56 - 00036910 _____ C:\Users\Nicolai\Desktop\FRST.txt
2013-09-09 16:56 - 2013-09-09 16:56 - 00037934 _____ C:\Users\Nicolai\Desktop\Addition.txt
2013-09-09 16:54 - 2013-09-09 16:54 - 00000000 ____D C:\FRST
2013-09-09 16:29 - 2013-09-09 16:29 - 00000000 _____ C:\Windows\setuperr.log
2013-09-09 16:15 - 2013-07-29 02:39 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 16:15 - 2012-08-21 22:05 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\DAEMON Tools Lite
2013-09-09 15:19 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-09-09 15:15 - 2013-03-26 23:55 - 00000000 ____D C:\Windows\Minidump
2013-09-08 23:56 - 2013-09-08 23:56 - 00003148 _____ C:\Windows\System32\Tasks\{256D6E74-5E2F-4335-B18D-0BF999EC6EB7}
2013-09-08 23:41 - 2012-08-22 12:09 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Adobe
2013-09-08 23:06 - 2013-09-08 23:06 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 23:06 - 2013-09-08 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-08 23:06 - 2013-08-18 16:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-08 23:06 - 2012-08-20 21:35 - 00000000 ____D C:\Users\Nicolai\AppData\Local\Google
2013-09-08 23:06 - 2012-08-20 21:35 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 22:56 - 2013-09-08 22:56 - 00008035 _____ C:\Users\Nicolai\Desktop\bookmarks-2013-09-08.json
2013-09-08 21:45 - 2013-09-08 21:45 - 00020294 _____ C:\ComboFix.txt
2013-09-08 21:45 - 2013-09-08 21:24 - 00000000 ____D C:\ComboFix
2013-09-08 21:45 - 2013-09-08 21:22 - 00000000 ____D C:\Qoobox
2013-09-08 21:45 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-08 21:43 - 2013-09-08 21:22 - 00000000 ____D C:\Windows\erdnt
2013-09-08 21:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-08 21:21 - 2013-09-08 21:20 - 05124111 ____R (Swearware) C:\Users\Nicolai\Desktop\ComboFix.exe
2013-09-08 21:19 - 2013-09-08 21:19 - 00392016 _____ (Softonic                                        ) C:\Users\Nicolai\Downloads\SoftonicDownloader_fuer_combofix.exe
2013-09-08 10:28 - 2013-09-08 10:28 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-08 10:28 - 2013-09-08 10:28 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-08 10:28 - 2013-09-08 10:28 - 00000000 ____D C:\Program Files\CCleaner
2013-09-08 10:24 - 2013-09-08 10:23 - 03415256 _____ (Piriform Ltd) C:\Users\Nicolai\Downloads\ccsetup405_slim_4.05.exe
2013-09-06 14:59 - 2013-09-06 14:59 - 96334488 _____ C:\Windows\SysWOW64\䱤鄔=
2013-09-04 17:25 - 2013-09-04 17:25 - 95863165 _____ C:\Windows\SysWOW64\崮큞‡
2013-09-02 21:47 - 2013-09-02 21:47 - 95286781 _____ C:\Windows\SysWOW64\ᷧ
2013-09-02 14:50 - 2013-08-05 21:33 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-02 14:50 - 2013-08-05 21:31 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-02 14:50 - 2013-08-05 21:31 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-01 18:38 - 2012-08-20 13:04 - 00000000 ____D C:\Users\Nicolai
2013-08-31 02:49 - 2013-08-31 02:49 - 00000040 _____ C:\Windows\system32\싰Ã
2013-08-29 19:22 - 2012-08-21 21:46 - 00000000 ____D C:\Users\Nicolai\AppData\Roaming\vlc
2013-08-27 23:38 - 2013-08-27 23:38 - 00000040 _____ C:\Windows\system32\싰Ñ
2013-08-27 17:34 - 2013-08-27 17:34 - 00000040 _____ C:\Windows\system32\싰»
2013-08-26 20:31 - 2013-07-17 04:10 - 00000000 ____D C:\Users\Nicolai\Documents\My Games
2013-08-26 15:22 - 2012-01-31 18:32 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-26 15:22 - 2012-01-31 18:32 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-26 15:22 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 23:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-20 23:01 - 2013-08-20 22:35 - 00020740 _____ C:\Users\Nicolai\Documents\Uroiforstaderne.odt
2013-08-20 18:19 - 2013-08-20 18:19 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 18:19 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-20 18:18 - 2013-08-20 18:18 - 00000000 ____D C:\Program Files\iPod
2013-08-15 16:07 - 2013-07-17 16:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 16:03 - 2012-10-15 05:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Nicolai\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 20:51

==================== End Of Log ============================
--- --- ---


Ich hoffe das hilft.

Alt 12.09.2013, 21:59   #8
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo,

was für Probleme bestehen jetzt noch?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
2013-09-08 21:22 - 2013-09-12 15:38 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
C:\Program Files (x86)\Pricora 6.1
Task: {A5B18C35-1A0A-4544-AD12-491C98414EA9} - System32\Tasks\Pricora 6.1-firefoxinstaller => C:\Program Files (x86)\Pricora 6.1\Pricora 6.1-firefoxinstaller.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
cheers,
Leo

Alt 13.09.2013, 14:18   #9
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo, ich habe heute eigentlich keine Zeit. Ich habe aber schon Schritt 1 befolgt.
hier der Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
Ran by Nicolai at 2013-09-13 14:27:13 Run:1
Running from C:\Users\Nicolai\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2013-09-08 21:22 - 2013-09-12 15:38 - 00001832 _____ C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job
C:\Program Files (x86)\Pricora 6.1
Task: {A5B18C35-1A0A-4544-AD12-491C98414EA9} - System32\Tasks\Pricora 6.1-firefoxinstaller => C:\Program Files (x86)\Pricora 6.1\Pricora 6.1-firefoxinstaller.exe
*****************

C:\Windows\Tasks\Pricora 6.1-firefoxinstaller.job => Moved successfully.
"C:\Program Files (x86)\Pricora 6.1" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5B18C35-1A0A-4544-AD12-491C98414EA9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B18C35-1A0A-4544-AD12-491C98414EA9} => Key deleted successfully.
C:\Windows\System32\Tasks\Pricora 6.1-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pricora 6.1-firefoxinstaller => Key deleted successfully.

==== End of Fixlog ====
Allerdings kam danach ein Windows-update, und nach dem Hochfahren auch ein Bluescreen (warum auch immer).

Schritt 2 werde ich morgen machen.
Ist es wichtig alle Festplatten und USB Sticks anzuschliessen?

Alt 14.09.2013, 12:31   #10
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo,

Kommen die Bluescreens regelmässig oder war das ein einmaliger Vorfall?

Zitat:
Ist es wichtig alle Festplatten und USB Sticks anzuschliessen?
Nein ist nicht wichtig. Wenn du etwas anschliesst, dann wird es einfach auch grad noch mitüberprüft.
__________________
cheers,
Leo

Alt 17.09.2013, 06:06   #11
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Vorhin hatte ich wieder 2 Bluescreens nacheinander. Undzwar beide als "fltmgr.sys


Hier ist nochmal das Bild mit dem Antivirenprogramm was 2 Viren gefunden hat.
hxxp://s1.directupload.net/file/d/3381/pm2emets_jpg.htm

Ich werde jetzt nochmal versuchen Schritt 2 über Nacht laufen zu lassen, und gucken ob es jetzt funktioniert

Hier ist der log von Eset. Es hat ca. 6,5 Stunden gedauert, aber hat leider nichts gefunden..

Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e621e7909a13544b88f7c4bb1cfc4db
# engine=15123
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-14 03:48:24
# local_time=2013-09-14 05:48:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 0 149845009 10962 0
# compatibility_mode=5893 16776573 100 94 98441 130803554 0 0
# scanned=269149
# found=0
# cleaned=0
# scan_time=16998
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4e621e7909a13544b88f7c4bb1cfc4db
# engine=15156
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-17 04:36:36
# local_time=2013-09-17 06:36:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 26966 150063901 19735 0
# compatibility_mode=5893 16776573 100 94 317333 131022446 0 0
# scanned=489057
# found=0
# cleaned=0
# scan_time=23860
Geändert von Giacomo (16.09.2013 um 22:58 Uhr)

Alt 18.09.2013, 09:47   #12
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hi,

was sind denn die genauen Angaben des Bluescreens (Stop-code etc.)? (allenfalls: Systemsteuerung -> System -> Erweitert -> Starten und Wiederherstellen -> Einstellungen -> Systemfehler: Haken bei "Automatischer Neustart durchführen" entfernen)
__________________
cheers,
Leo

Alt 18.09.2013, 22:00   #13
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Hallo,

also die genaueren Angaben kenne ich nicht. Ich kann mir immer nur den .sys Fehler merken.
Und komischer weise ist vorhin wieder ein Bluescreen gekommen, aber diesmal mit der Meldung als: atikmpag.sys

Ich bin wirklich ratlos..

Und den Haken bei "Automatischer Neustart durchführen" habe ich auch jetzt entfernt.

Alt 19.09.2013, 07:49   #14
aharonov
/// TB-Ausbilder
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


Ok, dann schreib beim nächsten Bluescreen mal den Stop-Code und die Parameter auf.
__________________
cheers,
Leo

Alt 20.09.2013, 13:10   #15
Giacomo
 
Pricora + Trojan Virus endeckt - Standard

Pricora + Trojan Virus endeckt


was genau ist der stop-code und das Parameter?
und nochmal, kommt gerade eine "Skriptfehler" Meldung, die so aussieht:
Directupload.net - ujh3gc6m.jpg

soll ich Ja, oder Nein klicken?

Antwort
Seite 1 von 2 1 2

Themen zu Pricora + Trojan Virus endeckt
deaktiviert, entfernen, firefox, friert, hängt, keine rückmeldung, laden, langsamer, malwarebytes, mozilla, neustart, nichts, pricora, problem, probleme, programm, programme, rückmeldung, schnell, systemsteuerung, trojan, virus, webseite, windows, windows 7, öffnen


« QVO6 trotz Virenscan noch auf dem Laptop | software.updater.ui.exe legt Rechner komplett Lahm »


Ähnliche Themen: Pricora + Trojan Virus endeckt


  1. Pricora 12 entfernen
    Anleitungen, FAQs & Links - 25.05.2014 (2)
  2. Win32Somoto.a von avast! endeckt. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (19)
  3. Nach Programmdownload Pricora auf dem Rechner. Löschen nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (15)
  4. a variant of Win32/Spy.Banker.YIL trojan mit ESET online scan endeckt
    Log-Analyse und Auswertung - 29.07.2013 (9)
  5. Trojaner TR/ATRAPS.Gen2 endeckt von Avira
    Log-Analyse und Auswertung - 17.10.2012 (44)
  6. doppelt Trojaner TR/ATRAPS.Gen2 endeckt von Avira
    Mülltonne - 19.09.2012 (0)
  7. Avira hat TR/ATRAPS.Gen Virus endeckt, was soll ich tun?
    Log-Analyse und Auswertung - 27.04.2012 (32)
  8. Trojaner mit Warnstuffe Schwerwiegend endeckt
    Plagegeister aller Art und deren Bekämpfung - 26.12.2010 (1)
  9. Trojaner endeckt>Blokiert AV,TaskM
    Log-Analyse und Auswertung - 29.08.2009 (1)
  10. Trojaner von BitDefender endeckt
    Mülltonne - 18.10.2008 (0)
  11. Avira endeckt mehrere Probleme (Swizzor, Malware...)
    Log-Analyse und Auswertung - 12.08.2008 (2)
  12. Vieren endeckt. Hijack und Malware Berichte liegen bei
    Mülltonne - 10.07.2008 (1)
  13. PC hatte Rootkit endeckt.... Ist er weg?
    Mülltonne - 05.04.2008 (0)
  14. trojaner endeckt
    Log-Analyse und Auswertung - 17.02.2008 (2)
  15. Escan endeckt ezula in einer unauffindbaren datei
    Plagegeister aller Art und deren Bekämpfung - 06.02.2008 (2)
  16. Die NTVDM-CPU hat einen ungültigen Befehl endeckt???
    Mülltonne - 11.11.2007 (0)
  17. Trojaner endeckt in C:\Windows\system32\TFTP2456
    Plagegeister aller Art und deren Bekämpfung - 23.12.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Pricora + Trojan Virus endeckt - Hallo, ich habe mal wieder ein Problem mit meinem Laptop. (Windows 7) Da ein Freund von mir die meisten Probleme lösen kann- jetzt aber ohne Rat ist, hat er mich - Pricora + Trojan Virus endeckt...
Archiv
Du betrachtest: Pricora + Trojan Virus endeckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131