C:\ProgramData\boost_interprocess taucht immer wieder auf

buzzaldrin · 25.02.2014, 09:20

Beim Runterladen einer Java Version habe ich mir am Sonntag einen Virus eingefangen, bei dem sich awesome hp ständig in meinem Browser öffnete. Das ist mittlerweile zum Glück nicht mehr der Fall. Ich habe mit Malware Bytes gescannt und mit meinem AVG Anti-Virusprogramm und alles gelöscht, was ich gefunden habe. Doch der adwcleaner findet bei jedem erneuten Suchlauf immer noch eine Datei, die ich einfach nicht loswerde.

Zitat:

# AdwCleaner v3.019 - Bericht erstellt am 25/02/2014 um 09:10:54
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Mara - SONNENZIMMER-PC
# Gestartet von : C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798

-\\ Google Chrome v33.0.1750.117

[ Datei : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5407 octets] - [23/02/2014 14:16:02]
AdwCleaner[R1].txt - [1082 octets] - [23/02/2014 15:34:12]
AdwCleaner[R2].txt - [1078 octets] - [23/02/2014 21:39:42]
AdwCleaner[R3].txt - [1199 octets] - [24/02/2014 06:49:48]
AdwCleaner[R4].txt - [1319 octets] - [24/02/2014 19:21:17]
AdwCleaner[R5].txt - [1440 octets] - [24/02/2014 19:53:49]
AdwCleaner[R6].txt - [1500 octets] - [24/02/2014 19:55:20]
AdwCleaner[R7].txt - [1556 octets] - [25/02/2014 09:10:29]
AdwCleaner[S0].txt - [4181 octets] - [23/02/2014 14:17:03]
AdwCleaner[S1].txt - [1146 octets] - [23/02/2014 15:35:07]
AdwCleaner[S2].txt - [1143 octets] - [23/02/2014 21:40:34]
AdwCleaner[S3].txt - [1263 octets] - [24/02/2014 06:50:14]
AdwCleaner[S4].txt - [1383 octets] - [24/02/2014 19:22:35]
AdwCleaner[S5].txt - [1479 octets] - [25/02/2014 09:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1539 octets] ##########

schrauber · 25.02.2014, 09:41

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

buzzaldrin · 25.02.2014, 09:49

Wow, danke für die schnelle Hilfe, ich hoffe, ich habe erst einmal alles richtig gemacht!

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Mara (administrator) on SONNENZIMMER-PC on 25-02-2014 09:43:44
Running from C:\Users\Mara\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Telefónica) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-05-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1658640 2013-11-11] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\Run: [Spotify Web Helper] - C:\Users\Mara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-06] (Spotify Ltd)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {64c73376-003f-11e3-be74-001e101f131a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {a8377cba-0a92-11e3-be7d-001e101f6087} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc856d4-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc8571e-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {fdb479b7-64a8-11e3-be90-001e101fa795} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {07D07743-3998-494C-A8D4-281150D212D4} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Google Mail) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-24]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-05-27] (Dritek System INC.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-05-27] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 09:43 - 2014-02-25 09:43 - 00013307 _____ () C:\Users\Mara\Downloads\FRST.txt
2014-02-25 09:43 - 2014-02-25 09:43 - 00000000 ____D () C:\FRST
2014-02-25 09:42 - 2014-02-25 09:42 - 02156032 _____ (Farbar) C:\Users\Mara\Downloads\FRST64.exe
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:40 - 2014-02-24 19:45 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:39 - 2014-02-25 09:12 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 19:09 - 2014-02-24 19:11 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 18:06 - 2014-02-24 18:07 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:05 - 2014-02-24 17:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 14:15 - 2014-02-25 09:10 - 00000000 ____D () C:\AdwCleaner
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:07 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 14:04 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:03 - 2014-02-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-23 14:03 - 2014-02-23 14:03 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-12 18:07 - 2014-02-25 09:12 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-12 17:54 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:54 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:53 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:53 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-12 17:53 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 17:53 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 17:53 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-12 17:52 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:52 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:52 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 17:52 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 17:52 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 17:52 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-09 20:49 - 2014-02-10 17:48 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:48 - 2014-02-09 18:19 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-02 17:18 - 2014-02-02 17:29 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:18 - 2014-02-02 17:22 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 18:47 - 2014-01-31 16:21 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-29 11:41 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-01-29 11:41 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI

==================== One Month Modified Files and Folders =======

2014-02-25 09:43 - 2014-02-25 09:43 - 00013307 _____ () C:\Users\Mara\Downloads\FRST.txt
2014-02-25 09:43 - 2014-02-25 09:43 - 00000000 ____D () C:\FRST
2014-02-25 09:42 - 2014-02-25 09:42 - 02156032 _____ (Farbar) C:\Users\Mara\Downloads\FRST64.exe
2014-02-25 09:26 - 2013-08-15 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 09:18 - 2013-05-28 01:29 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-25 09:18 - 2013-05-28 01:29 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-25 09:18 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-25 09:12 - 2014-02-24 19:39 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 09:12 - 2014-02-24 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-25 09:12 - 2014-02-12 18:07 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-25 09:12 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 09:11 - 2013-05-27 15:54 - 01092307 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 09:10 - 2014-02-23 14:15 - 00000000 ____D () C:\AdwCleaner
2014-02-25 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-24 19:46 - 2013-08-21 13:53 - 00005158 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sonnenzimmer-PC-Mara Sonnenzimmer-PC
2014-02-24 19:45 - 2014-02-24 19:40 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:41 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Google
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:40 - 2013-08-08 10:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:39 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Deployment
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-24 19:09 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 18:59 - 2014-02-23 14:03 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-24 18:07 - 2014-02-24 18:06 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:05 - 2014-02-24 17:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 15:25 - 2014-01-19 14:36 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-23 15:25 - 2013-12-08 20:42 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\RStudio
2014-02-23 15:25 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-23 15:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-02-23 15:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-23 15:12 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:11 - 2013-08-08 16:33 - 00000000 ___RD () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 14:10 - 2014-02-23 14:07 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:10 - 2014-02-23 14:04 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:09 - 2013-08-08 16:32 - 00001442 _____ () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:08 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 14:03 - 2014-02-23 14:03 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-23 11:33 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara\AppData\Local\Packages
2014-02-22 20:59 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Spotify
2014-02-22 20:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-18 10:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-17 23:03 - 2013-03-27 09:39 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-03-27 09:39 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:12 - 2013-08-13 16:51 - 00000000 ____D () C:\Users\Mara\Documents\Zukunft
2014-02-17 11:11 - 2013-08-08 10:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1991021413-518742360-3350079218-1002
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-13 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:58 - 2013-08-10 16:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:56 - 2013-08-09 11:20 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-10 21:11 - 2013-11-16 20:46 - 00000000 ____D () C:\Users\Mara\AppData\Local\Microsoft Help
2014-02-10 17:48 - 2014-02-09 20:49 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 18:19 - 2014-02-09 20:48 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-06 13:19 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Local\Spotify
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-03 17:28 - 2013-12-28 17:54 - 00000000 ____D () C:\Users\Mara\AppData\Local\CrashDumps
2014-02-02 17:29 - 2014-02-02 17:18 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:22 - 2014-02-02 17:18 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 17:33 - 2013-08-08 12:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-01 10:20 - 2014-02-12 17:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 17:53 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-31 16:21 - 2014-02-01 18:47 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 12:01 - 2013-05-27 15:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-28 18:04 - 2013-09-29 12:53 - 00000000 ____D () C:\Users\Mara\Documents\Göttingen
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI
2014-01-27 14:44 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\SETUP.EXE
C:\Users\Mara\AppData\Local\Temp\_ISDEL.EXE
C:\Users\Mara\AppData\Local\Temp\_SETUP.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 11:14

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Additional text

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Mara (administrator) on SONNENZIMMER-PC on 25-02-2014 09:43:44
Running from C:\Users\Mara\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Telefónica) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-05-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1658640 2013-11-11] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\Run: [Spotify Web Helper] - C:\Users\Mara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-06] (Spotify Ltd)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {64c73376-003f-11e3-be74-001e101f131a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {a8377cba-0a92-11e3-be7d-001e101f6087} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc856d4-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc8571e-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {fdb479b7-64a8-11e3-be90-001e101fa795} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {07D07743-3998-494C-A8D4-281150D212D4} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Google Mail) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-24]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-05-27] (Dritek System INC.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-05-27] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 09:43 - 2014-02-25 09:43 - 00013307 _____ () C:\Users\Mara\Downloads\FRST.txt
2014-02-25 09:43 - 2014-02-25 09:43 - 00000000 ____D () C:\FRST
2014-02-25 09:42 - 2014-02-25 09:42 - 02156032 _____ (Farbar) C:\Users\Mara\Downloads\FRST64.exe
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:40 - 2014-02-24 19:45 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:39 - 2014-02-25 09:12 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 19:09 - 2014-02-24 19:11 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 18:06 - 2014-02-24 18:07 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:05 - 2014-02-24 17:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 14:15 - 2014-02-25 09:10 - 00000000 ____D () C:\AdwCleaner
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:07 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 14:04 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:03 - 2014-02-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-23 14:03 - 2014-02-23 14:03 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-12 18:07 - 2014-02-25 09:12 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-12 17:54 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:54 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:53 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:53 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-12 17:53 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 17:53 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 17:53 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-12 17:52 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:52 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:52 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 17:52 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 17:52 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 17:52 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-09 20:49 - 2014-02-10 17:48 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:48 - 2014-02-09 18:19 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-02 17:18 - 2014-02-02 17:29 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:18 - 2014-02-02 17:22 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 18:47 - 2014-01-31 16:21 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-29 11:41 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-01-29 11:41 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI

==================== One Month Modified Files and Folders =======

2014-02-25 09:43 - 2014-02-25 09:43 - 00013307 _____ () C:\Users\Mara\Downloads\FRST.txt
2014-02-25 09:43 - 2014-02-25 09:43 - 00000000 ____D () C:\FRST
2014-02-25 09:42 - 2014-02-25 09:42 - 02156032 _____ (Farbar) C:\Users\Mara\Downloads\FRST64.exe
2014-02-25 09:26 - 2013-08-15 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-25 09:18 - 2013-05-28 01:29 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-25 09:18 - 2013-05-28 01:29 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-25 09:18 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-25 09:12 - 2014-02-24 19:39 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 09:12 - 2014-02-24 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-25 09:12 - 2014-02-12 18:07 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-25 09:12 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 09:11 - 2013-05-27 15:54 - 01092307 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 09:10 - 2014-02-23 14:15 - 00000000 ____D () C:\AdwCleaner
2014-02-25 09:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-24 19:46 - 2013-08-21 13:53 - 00005158 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sonnenzimmer-PC-Mara Sonnenzimmer-PC
2014-02-24 19:45 - 2014-02-24 19:40 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:41 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Google
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:40 - 2013-08-08 10:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:39 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Deployment
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-24 19:09 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 18:59 - 2014-02-23 14:03 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-24 18:07 - 2014-02-24 18:06 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:05 - 2014-02-24 17:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 15:25 - 2014-01-19 14:36 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-23 15:25 - 2013-12-08 20:42 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\RStudio
2014-02-23 15:25 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-23 15:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-02-23 15:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-23 15:12 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:11 - 2013-08-08 16:33 - 00000000 ___RD () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 14:10 - 2014-02-23 14:07 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:10 - 2014-02-23 14:04 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:09 - 2013-08-08 16:32 - 00001442 _____ () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:08 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 14:03 - 2014-02-23 14:03 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-23 11:33 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara\AppData\Local\Packages
2014-02-22 20:59 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Spotify
2014-02-22 20:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-18 10:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-17 23:03 - 2013-03-27 09:39 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-03-27 09:39 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:12 - 2013-08-13 16:51 - 00000000 ____D () C:\Users\Mara\Documents\Zukunft
2014-02-17 11:11 - 2013-08-08 10:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1991021413-518742360-3350079218-1002
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-13 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:58 - 2013-08-10 16:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:56 - 2013-08-09 11:20 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-10 21:11 - 2013-11-16 20:46 - 00000000 ____D () C:\Users\Mara\AppData\Local\Microsoft Help
2014-02-10 17:48 - 2014-02-09 20:49 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 18:19 - 2014-02-09 20:48 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-06 13:19 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Local\Spotify
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-03 17:28 - 2013-12-28 17:54 - 00000000 ____D () C:\Users\Mara\AppData\Local\CrashDumps
2014-02-02 17:29 - 2014-02-02 17:18 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:22 - 2014-02-02 17:18 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 17:33 - 2013-08-08 12:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-01 10:20 - 2014-02-12 17:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 17:53 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-31 16:21 - 2014-02-01 18:47 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 12:01 - 2013-05-27 15:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-28 18:04 - 2013-09-29 12:53 - 00000000 ____D () C:\Users\Mara\Documents\Göttingen
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI
2014-01-27 14:44 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\SETUP.EXE
C:\Users\Mara\AppData\Local\Temp\_ISDEL.EXE
C:\Users\Mara\AppData\Local\Temp\_SETUP.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 11:14

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 26.02.2014, 10:14

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

buzzaldrin · 26.02.2014, 17:36

Hallo schrauber,

danke für deine schnelle Antwort und deine Mühe, anbei sind die geforderten Logs:

Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-02-2014
Ran by Mara at 2014-02-26 14:45:26 Run:1
Running from C:\Users\Mara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
2014-02-25 09:12 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\boost_interprocess
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.

"C:\ProgramData\boost_interprocess" directory move:

C:\ProgramData\boost_interprocess\Nobu64AgentService => Moved successfully.
C:\ProgramData\boost_interprocess\Nobu64TrayIcon => Moved successfully.
"C:\ProgramData\boost_interprocess" => Directory moved successfully.



The system needs a manual reboot. 

==== End of Fixlog ====

JRT LOG

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Mara on 26.02.2014 at 14:48:18,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mara\appdata\local\software"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2014 at 14:51:50,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5eb27facac52fe49b226734485422fe5
# engine=17238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 04:31:47
# local_time=2014-02-26 05:31:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=1044 16777213 100 88 22093 80566291 0 0
# compatibility_mode=5893 16776574 100 94 16776332 38600695 0 0
# scanned=185802
# found=0
# cleaned=0
# scan_time=4025

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014 01
Ran by Mara (administrator) on SONNENZIMMER-PC on 26-02-2014 16:12:31
Running from C:\Users\Mara\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Telefónica) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [RadioController] - C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-05-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] - C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1658640 2013-11-11] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\Run: [Spotify Web Helper] - C:\Users\Mara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-06] (Spotify Ltd)
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {64c73376-003f-11e3-be74-001e101f131a} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {a8377cba-0a92-11e3-be7d-001e101f6087} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc856d4-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {ebc8571e-003e-11e3-be72-bc855697de2b} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1991021413-518742360-3350079218-1002\...\MountPoints2: {fdb479b7-64a8-11e3-be90-001e101fa795} - "E:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {07D07743-3998-494C-A8D4-281150D212D4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {07D07743-3998-494C-A8D4-281150D212D4} URL = 
SearchScopes: HKCU - {07D07743-3998-494C-A8D4-281150D212D4} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (Google Wallet) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Google Mail) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-24]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-05-27] (Dritek System INC.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-05-27] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 16:11 - 2014-02-26 16:11 - 00000000 ____D () C:\Users\Mara\Desktop\FRST-OlderVersion
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-26 16:07 - 2014-02-26 16:07 - 00987425 _____ () C:\Users\Mara\Desktop\SecurityCheck.exe
2014-02-26 14:51 - 2014-02-26 14:51 - 00000684 _____ () C:\Users\Mara\Desktop\JRT.txt
2014-02-26 14:48 - 2014-02-26 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 14:47 - 2014-02-26 14:47 - 01037734 _____ (Thisisu) C:\Users\Mara\Downloads\JRT.exe
2014-02-26 14:44 - 2014-02-26 14:44 - 00000000 ____D () C:\Users\Mara\Downloads\FRST-OlderVersion
2014-02-25 09:44 - 2014-02-25 09:44 - 00031375 _____ () C:\Users\Mara\Desktop\Addition.txt
2014-02-25 09:43 - 2014-02-26 16:12 - 00012858 _____ () C:\Users\Mara\Desktop\FRST.txt
2014-02-25 09:43 - 2014-02-26 16:12 - 00000000 ____D () C:\FRST
2014-02-25 09:42 - 2014-02-26 16:11 - 02155008 _____ (Farbar) C:\Users\Mara\Desktop\FRST64.exe
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:40 - 2014-02-26 15:45 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:39 - 2014-02-26 16:11 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-25 09:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 19:09 - 2014-02-24 19:11 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 18:06 - 2014-02-24 18:07 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 14:15 - 2014-02-25 09:10 - 00000000 ____D () C:\AdwCleaner
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:07 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 14:04 - 2014-02-23 14:10 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:03 - 2014-02-26 16:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-23 14:03 - 2014-02-24 18:59 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-12 18:07 - 2014-02-25 09:12 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-12 17:54 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 17:54 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 17:53 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 17:53 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-12 17:53 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 17:53 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 17:53 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 17:53 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 17:53 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-12 17:53 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 17:53 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 17:53 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-12 17:52 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 17:52 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 17:52 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 17:52 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 17:52 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 17:52 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-09 20:49 - 2014-02-10 17:48 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:48 - 2014-02-09 18:19 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-02 17:18 - 2014-02-02 17:29 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:18 - 2014-02-02 17:22 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 18:47 - 2014-01-31 16:21 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-29 11:41 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-01-29 11:41 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI

==================== One Month Modified Files and Folders =======

2014-02-26 16:12 - 2014-02-25 09:43 - 00012858 _____ () C:\Users\Mara\Desktop\FRST.txt
2014-02-26 16:12 - 2014-02-25 09:43 - 00000000 ____D () C:\FRST
2014-02-26 16:12 - 2013-08-21 13:53 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sonnenzimmer-PC-Mara Sonnenzimmer-PC
2014-02-26 16:11 - 2014-02-26 16:11 - 00000000 ____D () C:\Users\Mara\Desktop\FRST-OlderVersion
2014-02-26 16:11 - 2014-02-25 09:42 - 02155008 _____ (Farbar) C:\Users\Mara\Desktop\FRST64.exe
2014-02-26 16:11 - 2014-02-24 19:39 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 16:10 - 2014-02-26 16:10 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-26 16:10 - 2014-02-23 14:03 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-26 16:10 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 16:07 - 2014-02-26 16:07 - 00987425 _____ () C:\Users\Mara\Desktop\SecurityCheck.exe
2014-02-26 16:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-26 15:45 - 2014-02-24 19:40 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 15:28 - 2013-08-15 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-26 14:51 - 2014-02-26 14:51 - 00000684 _____ () C:\Users\Mara\Desktop\JRT.txt
2014-02-26 14:48 - 2014-02-26 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-26 14:47 - 2014-02-26 14:47 - 01037734 _____ (Thisisu) C:\Users\Mara\Downloads\JRT.exe
2014-02-26 14:45 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-26 14:44 - 2014-02-26 14:44 - 00000000 ____D () C:\Users\Mara\Downloads\FRST-OlderVersion
2014-02-26 12:41 - 2013-05-27 15:54 - 01168276 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 10:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-25 09:44 - 2014-02-25 09:44 - 00031375 _____ () C:\Users\Mara\Desktop\Addition.txt
2014-02-25 09:18 - 2013-05-28 01:29 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-25 09:18 - 2013-05-28 01:29 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-25 09:18 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 09:12 - 2014-02-24 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-25 09:12 - 2014-02-12 18:07 - 00334646 _____ () C:\Windows\PFRO.log
2014-02-25 09:10 - 2014-02-23 14:15 - 00000000 ____D () C:\AdwCleaner
2014-02-24 19:41 - 2014-02-24 19:41 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-24 19:41 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Google
2014-02-24 19:40 - 2014-02-24 19:40 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 19:40 - 2013-08-08 10:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-24 19:39 - 2014-02-24 19:39 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-24 19:39 - 2013-08-08 10:49 - 00000000 ____D () C:\Users\Mara\AppData\Local\Deployment
2014-02-24 19:31 - 2014-02-24 19:31 - 00512784 _____ (AVAST Software) C:\Users\Mara\Downloads\avastclear_9.0.2013.exe
2014-02-24 19:11 - 2014-02-24 19:09 - 90578216 _____ (AVAST Software) C:\Users\Mara\Downloads\avast_free_antivirus_setup_9.0.2013.exe
2014-02-24 19:10 - 2014-02-24 19:10 - 02800104 _____ (AVAST Software) C:\Users\Mara\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-24 18:59 - 2014-02-23 14:03 - 00000000 ____D () C:\Program Files (x86)\Re-mark-it
2014-02-24 18:07 - 2014-02-24 18:06 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_deu.exe
2014-02-24 17:04 - 2014-02-24 17:04 - 02347384 _____ (ESET) C:\Users\Mara\Downloads\esetsmartinstaller_enu.exe
2014-02-23 15:33 - 2014-02-23 15:33 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9 (1).exe
2014-02-23 15:25 - 2014-01-19 14:36 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-23 15:25 - 2013-12-08 20:42 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\RStudio
2014-02-23 15:25 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-23 15:24 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration
2014-02-23 15:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-23 15:12 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-23 14:15 - 2014-02-23 14:15 - 01241888 _____ () C:\Users\Mara\Downloads\adwcleaner_3.0.1.9.exe
2014-02-23 14:11 - 2013-08-08 16:33 - 00000000 ___RD () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 14:10 - 2014-02-23 14:07 - 00000000 ____D () C:\Users\Mara\AppData\Local\cache
2014-02-23 14:10 - 2014-02-23 14:04 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\awesomehp
2014-02-23 14:09 - 2013-08-08 16:32 - 00001442 _____ () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-23 14:08 - 2014-02-23 14:08 - 00000000 ____D () C:\Users\Mara\.android
2014-02-23 14:08 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara
2014-02-23 14:07 - 2014-02-23 14:07 - 00000000 _____ () C:\Users\Mara\daemonprocess.txt
2014-02-23 13:57 - 2014-02-23 13:57 - 00056517 _____ () C:\Users\Mara\Downloads\DurchDenGöttingerWaldZumSeeburgerSee.kml
2014-02-23 11:33 - 2013-08-08 16:31 - 00000000 ____D () C:\Users\Mara\AppData\Local\Packages
2014-02-22 20:59 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Spotify
2014-02-22 20:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-02-17 23:03 - 2013-03-27 09:39 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-03-27 09:39 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:12 - 2013-08-13 16:51 - 00000000 ____D () C:\Users\Mara\Documents\Zukunft
2014-02-17 11:11 - 2013-08-08 10:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1991021413-518742360-3350079218-1002
2014-02-16 10:28 - 2014-02-16 10:28 - 00001042 _____ () C:\Users\Mara\Desktop\Winmira 2001.lnk
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallJammer Registry
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Users\Mara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmira 2001
2014-02-16 10:28 - 2014-02-16 10:28 - 00000000 ____D () C:\Program Files (x86)\Winmira 2001
2014-02-16 10:26 - 2014-02-16 10:26 - 05767335 _____ (Matthias von Davier) C:\Users\Mara\Downloads\winmira_2001.exe
2014-02-13 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:58 - 2013-08-10 16:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:56 - 2013-08-09 11:20 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-11 13:33 - 2014-02-11 13:33 - 00034697 _____ () C:\Users\Mara\Downloads\TS102829755.dotx
2014-02-10 21:11 - 2013-11-16 20:46 - 00000000 ____D () C:\Users\Mara\AppData\Local\Microsoft Help
2014-02-10 17:48 - 2014-02-09 20:49 - 01818703 _____ () C:\Users\Mara\Desktop\stat_methoden_2.pptx
2014-02-09 20:27 - 2014-02-09 20:27 - 01382128 _____ () C:\Users\Mara\Downloads\Lokalisierung von Hirnfunktionen (Eine kurze Geschichte).pptx
2014-02-09 18:19 - 2014-02-09 20:48 - 01957178 _____ () C:\Users\Mara\Desktop\stat_methoden.pptx
2014-02-09 12:34 - 2014-02-09 12:34 - 00006314 _____ () C:\Users\Mara\Desktop\Microsoft Excel Worksheet (neu).xlsx
2014-02-06 13:19 - 2013-08-08 11:33 - 00000000 ____D () C:\Users\Mara\AppData\Local\Spotify
2014-02-03 17:50 - 2014-02-03 17:50 - 00024347 _____ () C:\Users\Mara\Downloads\JoyRätsel.xwd
2014-02-03 17:28 - 2013-12-28 17:54 - 00000000 ____D () C:\Users\Mara\AppData\Local\CrashDumps
2014-02-02 17:29 - 2014-02-02 17:18 - 14159810 _____ () C:\Users\Mara\Desktop\DSC_9571.AVI
2014-02-02 17:22 - 2014-02-02 17:18 - 21657288 _____ () C:\Users\Mara\Desktop\DSC_9563.AVI
2014-02-01 17:33 - 2013-08-08 12:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-01 10:20 - 2014-02-12 17:53 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-12 17:53 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-12 17:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-12 17:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-12 17:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-12 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-31 16:21 - 2014-02-01 18:47 - 137880446 _____ () C:\Users\Mara\Desktop\Lernen_JB2.pptx
2014-01-30 11:57 - 2014-01-30 11:57 - 00000000 ____D () C:\Users\Mara\Downloads\wpkey_v1.4.7d
2014-01-30 11:56 - 2014-01-30 11:56 - 00005593 _____ () C:\Users\Mara\Downloads\wpkey_v1.4.7d.zip
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-29 12:01 - 2014-01-29 12:01 - 00000000 ____D () C:\Windows\system32\NV
2014-01-29 12:01 - 2013-05-27 15:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-29 11:42 - 2014-01-29 11:42 - 00000000 _____ () C:\Windows\setupact.log
2014-01-28 18:04 - 2013-09-29 12:53 - 00000000 ____D () C:\Users\Mara\Documents\Göttingen
2014-01-28 11:32 - 2014-01-28 11:32 - 05791174 _____ () C:\Users\Mara\Downloads\Bandit läuft Video.AVI
2014-01-27 14:44 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\SETUP.EXE
C:\Users\Mara\AppData\Local\Temp\_ISDEL.EXE
C:\Users\Mara\AppData\Local\Temp\_SETUP.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 13:30

==================== End Of Log ============================

--- --- ---

--- --- ---

Security Check

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

Was bedeutet das alles? Ist mein System nun wieder sauber? :-)

Ich habe gerade noch einmal adwcleaner drüber laufen lassen und der findet diesen ominösen Ordner immer noch.

schrauber · 27.02.2014, 14:02

Falls noch nicht vorhanden, lade Dir OTM von OldTimer herunter.

Speichere die Datei auf deinem Desktop.
Sollte Dein Anti-Virus-Programm "Alarm" schlagen, bitte ignorieren und/oder OTM auf die Liste der Ausnahmen setzen.
Starte bitte die OTM.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere den Inhalt der folgenden Codebox komplett in die Box.
Code:
ATTFilter
```
:files
C:\ProgramData\boost_interprocess
         
```
Klicke nun auf .
Bitte alles aus dem Ergebnisfenster ( ) herauskopieren
oder
den Inhalt der Datei C:\_OTM\MovedFiles\<datum_nr.>.log kopieren
und das Ergebnis in Deine nächste Antwort posten.
Schließe OTM

Sollte eine Datei oder ein Ordner nicht verschoben werden können, wirst Du eventuell aufgefordert, den PC neuzustarten damit der Prozess abgeschlossen werden kann. Sollte dies der Fall sein, bestätige das mit Ja..

C:\ProgramData\boost_interprocess taucht immer wieder auf

Plagegeister aller Art und deren Bekämpfung: C:\ProgramData\boost_interprocess taucht immer wieder auf