Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malwarebytes findet Befall von Koobface und OpenCandy-AWL kann Dateien nicht löschen (https://www.trojaner-board.de/152422-malwarebytes-findet-befall-koobface-opencandy-awl-dateien-loeschen.html)

primiprimi 13.04.2014 10:40
Malwarebytes findet Befall von Koobface und OpenCandy-AWL kann Dateien nicht löschen
 
Hallo,
ich hab dooferweise heute morgen ne Mail von einer Freundin bekommen, die mir nicht verdächtig war, da sie diese auch an andere Freundinnen geschickt hatte .. in der Mail war ein Link.. ich war noch verschlafen und hab draufgeklickt (in Outlook) :-(
Da kam dann im Firefox eine Seite, mit der Warnung, dass man eine Straftat begangen hat und Geld an die Polizei überweisen muss (was ich natürlich nicht mache).

Habe dann Malwarebytes Anti-Malware runtergeladen, dieses Programm hat worm.koobface und PuP.Optional.OpenCandy gefunden.
Habe die Dateien mit Malwarebyte in Quarantäne gesteckt, anschließend Neustart, wieder Prüfung mit Malwarebyte (diesmal keine Dateien mehr gefunden), dann Systemscan mit Avira (keine Viren gefunden).

Als Absicherung wollte ich jetzt nochmal einen Check mit ADWcleaner durchführen.. dort werden einige Dateien gefunden, die ich mit ADWcleaner einfach nicht löschen kann.. hab schon dreimal auf Löschen gedrückt, ADW hat dann auch den PC neugestartet, aber nach jedem Neustart und Neuscan mit ADW sind die Registry- und Firefoxergebnisse immer noch da. Was soll ich jetzt tun, damit mein PC wieder sicher ist? Bin ratlos:heulen:

P.S.: Bei Malwarebyte sind die gefundenen Dateien in Quarantäne - die sollte man lieber löschen, oder?

Hier die Logs: - Danke und viele Grüße!





Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13.04.2014
Scan Time: 09:31:40
Logfile: malwarebyte12-57.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.13.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: annika

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276450
Time Elapsed: 18 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Worm.KoobFace, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PDRV, Quarantined, [b12552d74f2cf44234e5b5599b688080],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.OpenCandy, C:\Users\annika\AppData\Roaming\OpenCandy, Quarantined, [f6e07cad5e1ddc5a2e0d510903ffe31d],
PUP.Optional.OpenCandy, C:\Users\annika\AppData\Roaming\OpenCandy\AFCDCCBD425A401998370F12FEB299C4, Quarantined, [f6e07cad5e1ddc5a2e0d510903ffe31d],

Files: 2
Worm.KoobFace, C:\Windows\SysWOW64\drivers\PDRV.sys, Quarantined, [b323ac7d0774152109fa8a3949b920e0],
PUP.Optional.OpenCandy, C:\Users\annika\AppData\Roaming\OpenCandy\AFCDCCBD425A401998370F12FEB299C4\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, Quarantined, [f6e07cad5e1ddc5a2e0d510903ffe31d],

Physical Sectors: 0
(No malicious items detected)


(end)

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13.04.2014
Scan Time: 10:28:10
Logfile: malwarebyte 10-18.txt
Administrator: No

Version: 2.00.1.1004
Malware Database: v2014.04.13.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: annika

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 195730
Time Elapsed: 9 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
Exportierte Ereignisse (Avira):

13.04.2014 10:17 [System-Scanner] Suche
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:        250637
      Anzahl Verzeichnisse:        26413
      Anzahl Malware:        0
      Anzahl Warnungen:        0
Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:31:04
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1094 octets] - [13/04/2014 10:31:04]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1154 octets] ##########
Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:42:24
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\prima\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1236 octets] - [13/04/2014 10:31:04]
AdwCleaner[R1].txt - [1296 octets] - [13/04/2014 10:40:44]
AdwCleaner[S0].txt - [1175 octets] - [13/04/2014 10:42:24]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1235 octets] ##########

Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:40:44
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1236 octets] - [13/04/2014 10:31:04]
AdwCleaner[R1].txt - [1154 octets] - [13/04/2014 10:40:44]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1214 octets] ##########
Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:47:58
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1236 octets] - [13/04/2014 10:31:04]
AdwCleaner[R1].txt - [1296 octets] - [13/04/2014 10:40:44]
AdwCleaner[R2].txt - [1323 octets] - [13/04/2014 10:46:19]
AdwCleaner[S0].txt - [1313 octets] - [13/04/2014 10:42:24]
AdwCleaner[S1].txt - [1202 octets] - [13/04/2014 10:47:58]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1262 octets] ##########

Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:46:19
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1236 octets] - [13/04/2014 10:31:04]
AdwCleaner[R1].txt - [1296 octets] - [13/04/2014 10:40:44]
AdwCleaner[R2].txt - [1121 octets] - [13/04/2014 10:46:19]
AdwCleaner[S0].txt - [1313 octets] - [13/04/2014 10:42:24]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [1241 octets] ##########
Code:
# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 10:51:32
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : annika - ANNIKA-PC
# Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Users\annika\AppData\Local\Temp\OCS

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]


[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1236 octets] - [13/04/2014 10:31:04]
AdwCleaner[R1].txt - [1296 octets] - [13/04/2014 10:40:44]
AdwCleaner[R2].txt - [1323 octets] - [13/04/2014 10:46:19]
AdwCleaner[R3].txt - [1181 octets] - [13/04/2014 10:51:32]
AdwCleaner[S0].txt - [1313 octets] - [13/04/2014 10:42:24]
AdwCleaner[S1].txt - [1340 octets] - [13/04/2014 10:47:58]

########## EOF - \AdwCleaner\AdwCleaner[R3].txt - [1361 octets] ##########

deeprybka 13.04.2014 10:55
Kannst auch in der Quarantäne lassen. Schauen wir mal genauer nach.

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean :daumenhoc bist.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier...

Ich bedanke mich für Deine Geduld! :)



Schritt 1 (Scan mit FRST)
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

primiprimi 13.04.2014 11:04
Hallo Jürgen,
ich danke die für deine Hilfe!!!

Hier die Logs:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by prima (ATTENTION: The logged in user is not administrator) on ANNIKA-PC on 13-04-2014 12:00:35
Running from C:\Users\prima\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\prima\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\prima\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\Extensions\amptra@keepa.com.xpi [2014-03-09]
FF Extension: Adblock Plus - C:\Users\prima\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-25]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
U0 DLPortIO;
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 12:00 - 2014-04-13 12:00 - 00007198 _____ () C:\Users\prima\Downloads\FRST.txt
2014-04-13 12:00 - 2014-04-13 12:00 - 00000000 ____D () C:\FRST
2014-04-13 11:59 - 2014-04-13 11:59 - 02157568 _____ (Farbar) C:\Users\prima\Downloads\FRST64.exe
2014-04-13 11:58 - 2014-04-13 11:58 - 00016072 _____ () C:\Users\prima\Desktop\8uAp5SJg.htm
2014-04-13 11:27 - 2014-04-13 11:04 - 00001443 _____ () C:\Users\prima\Desktop\AdwCleaner[R3].txt
2014-04-13 11:27 - 2014-04-13 10:48 - 00001340 _____ () C:\Users\prima\Desktop\AdwCleaner[S1].txt
2014-04-13 11:27 - 2014-04-13 10:47 - 00001323 _____ () C:\Users\prima\Desktop\AdwCleaner[R2].txt
2014-04-13 11:27 - 2014-04-13 10:42 - 00001313 _____ () C:\Users\prima\Desktop\AdwCleaner[S0].txt
2014-04-13 11:27 - 2014-04-13 10:41 - 00001296 _____ () C:\Users\prima\Desktop\AdwCleaner[R1].txt
2014-04-13 11:27 - 2014-04-13 10:32 - 00001236 _____ () C:\Users\prima\Desktop\AdwCleaner[R0].txt
2014-04-13 11:26 - 2014-04-13 11:26 - 00000520 _____ () C:\Users\prima\Desktop\Ereignisse avira.txt
2014-04-13 11:24 - 2014-04-13 11:24 - 00001059 _____ () C:\Users\prima\Desktop\malwarebyte 10-18.txt
2014-04-13 11:23 - 2014-04-13 11:23 - 00001645 _____ () C:\Users\prima\Desktop\malwarebyte 09-12.txt
2014-04-13 10:50 - 2014-04-13 10:29 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-04-13 10:30 - 2014-04-13 10:52 - 00000000 ____D () C:\AdwCleaner
2014-04-13 10:29 - 2014-04-13 10:29 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-04-13 09:12 - 2014-04-13 09:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 09:12 - 2014-04-13 09:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 09:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 09:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 09:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-13 09:10 - 2014-04-13 09:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-10 01:24 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 01:24 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 01:24 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 01:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 01:23 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 01:23 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 01:23 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 01:23 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 01:23 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 01:22 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 01:22 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 01:22 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 01:22 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 01:22 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 01:22 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 01:22 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 01:22 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 01:22 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 01:22 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 01:22 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 01:22 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-30 21:08 - 2014-03-30 21:08 - 00000000 _____ () C:\Users\prima\Sti_Trace.log
2014-03-29 22:54 - 2014-03-29 22:57 - 00345581 _____ () C:\Users\prima\Desktop\gutschein mg.pptx
2014-03-29 21:42 - 2014-03-29 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 21:29 - 2014-03-29 21:29 - 00000000 ___RD () C:\Users\prima\AppData\Roaming\Brother
2014-03-27 15:17 - 2014-03-27 15:17 - 00000000 ____D () C:\Users\prima\AppData\Roaming\GoContactSyncMOD
2014-03-27 15:00 - 2014-03-27 15:00 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-27 15:00 - 2014-03-27 15:00 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-27 14:56 - 2014-03-27 14:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 14:56 - 2009-04-07 13:02 - 01560576 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWia09b.dll
2014-03-27 14:56 - 2009-02-24 11:37 - 00050176 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi09a.dll
2014-03-27 14:56 - 2008-06-17 16:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-03-27 14:56 - 2007-12-13 23:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-03-27 14:56 - 2007-12-13 23:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-03-27 14:56 - 2007-01-15 22:54 - 00012288 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-03-27 14:56 - 2006-12-28 14:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2014-03-27 14:55 - 2014-03-27 14:55 - 00000000 ____D () C:\Users\annika\AppData\Roaming\InstallShield
2014-03-27 14:28 - 2014-03-27 14:56 - 00000050 _____ () C:\Windows\system32\bridf07a.dat
2014-03-27 14:27 - 2014-03-27 14:56 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-03-27 14:25 - 2014-03-27 14:25 - 00000000 ____D () C:\ProgramData\Brother
2014-03-27 14:23 - 2014-03-27 14:24 - 44631506 _____ (A.I.SOFT,INC.) C:\Users\prima\Downloads\465-INST-WIN7-A.EXE
2014-03-21 11:44 - 2014-03-21 11:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-21 11:44 - 2014-03-21 11:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-21 11:43 - 2014-03-21 11:43 - 13084896 _____ (Microsoft Corporation) C:\Users\prima\Downloads\Silverlight_x64.exe
2014-03-20 07:30 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-20 07:30 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-19 22:51 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-19 22:51 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-19 22:51 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-19 22:51 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-19 22:51 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-19 22:51 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-19 22:51 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-19 22:51 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-19 22:51 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-19 22:51 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-19 22:51 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-19 22:51 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-19 22:51 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-19 22:51 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-19 22:51 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-19 22:51 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-19 22:51 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-19 22:51 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-19 22:51 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-19 22:51 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-19 22:51 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-19 22:51 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-19 22:51 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-19 22:51 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-19 22:51 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-19 22:51 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-19 22:51 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-19 22:51 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-19 22:51 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-19 22:51 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-19 22:51 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-19 22:51 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-19 22:51 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-19 22:51 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-19 22:51 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-19 22:51 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-19 07:57 - 2013-10-14 19:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-03-19 07:51 - 2014-03-19 07:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-19 07:51 - 2014-03-19 07:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-19 07:51 - 2014-03-19 07:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-19 07:51 - 2014-03-19 07:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-19 07:50 - 2014-03-19 07:50 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-19 07:50 - 2014-03-19 07:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-19 07:50 - 2014-03-19 07:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-18 22:12 - 2014-03-18 22:34 - 00000000 ____D () C:\Users\prima\Desktop\studien düren dysphagiefobi
2014-03-18 22:06 - 2014-03-18 22:07 - 00001594 _____ () C:\Windows\VPNInstall.MIF
2014-03-18 22:06 - 2014-03-18 22:06 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks
2014-03-18 22:06 - 2014-03-18 22:06 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2014-03-14 20:11 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 20:11 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 20:11 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 20:11 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 20:11 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-14 20:11 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-14 20:11 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-14 20:11 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-14 20:11 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-14 20:11 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-14 20:11 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-03-14 20:11 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-03-14 20:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 20:10 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 20:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 20:10 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 20:10 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-03-14 20:10 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-03-14 20:10 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-03-14 20:10 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-03-14 20:10 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-03-14 20:10 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-03-14 20:10 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-03-14 20:10 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-03-14 20:10 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-03-14 20:10 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-03-14 20:10 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-03-14 20:10 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-03-14 20:04 - 2014-03-14 07:57 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders =======

2014-04-13 12:00 - 2014-04-13 12:00 - 00007198 _____ () C:\Users\prima\Downloads\FRST.txt
2014-04-13 12:00 - 2014-04-13 12:00 - 00000000 ____D () C:\FRST
2014-04-13 11:59 - 2014-04-13 11:59 - 02157568 _____ (Farbar) C:\Users\prima\Downloads\FRST64.exe
2014-04-13 11:59 - 2014-03-09 18:18 - 01055240 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 11:58 - 2014-04-13 11:58 - 00016072 _____ () C:\Users\prima\Desktop\8uAp5SJg.htm
2014-04-13 11:57 - 2014-03-10 20:14 - 00000000 ____D () C:\Users\prima\Documents\Outlook-Dateien
2014-04-13 11:52 - 2014-03-09 23:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 11:26 - 2014-04-13 11:26 - 00000520 _____ () C:\Users\prima\Desktop\Ereignisse avira.txt
2014-04-13 11:24 - 2014-04-13 11:24 - 00001059 _____ () C:\Users\prima\Desktop\malwarebyte 10-18.txt
2014-04-13 11:23 - 2014-04-13 11:23 - 00001645 _____ () C:\Users\prima\Desktop\malwarebyte 09-12.txt
2014-04-13 11:04 - 2014-04-13 11:27 - 00001443 _____ () C:\Users\prima\Desktop\AdwCleaner[R3].txt
2014-04-13 10:57 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:57 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 10:53 - 2011-04-12 09:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-04-13 10:53 - 2011-04-12 09:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-04-13 10:53 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 10:52 - 2014-04-13 10:30 - 00000000 ____D () C:\AdwCleaner
2014-04-13 10:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 10:48 - 2014-04-13 11:27 - 00001340 _____ () C:\Users\prima\Desktop\AdwCleaner[S1].txt
2014-04-13 10:48 - 2009-07-14 06:51 - 00030365 _____ () C:\Windows\setupact.log
2014-04-13 10:47 - 2014-04-13 11:27 - 00001323 _____ () C:\Users\prima\Desktop\AdwCleaner[R2].txt
2014-04-13 10:42 - 2014-04-13 11:27 - 00001313 _____ () C:\Users\prima\Desktop\AdwCleaner[S0].txt
2014-04-13 10:41 - 2014-04-13 11:27 - 00001296 _____ () C:\Users\prima\Desktop\AdwCleaner[R1].txt
2014-04-13 10:32 - 2014-04-13 11:27 - 00001236 _____ () C:\Users\prima\Desktop\AdwCleaner[R0].txt
2014-04-13 10:29 - 2014-04-13 10:50 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Desktop\AdwCleaner - CHIP-Downloader.exe
2014-04-13 10:29 - 2014-04-13 10:29 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-04-13 09:34 - 2010-11-21 05:47 - 00134706 _____ () C:\Windows\PFRO.log
2014-04-13 09:12 - 2014-04-13 09:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 09:12 - 2014-04-13 09:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 09:12 - 2014-04-13 09:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 09:10 - 2014-04-13 09:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\prima\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-04-10 06:36 - 2014-03-09 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-06 00:37 - 2014-03-09 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 15:25 - 2014-03-09 23:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-05 15:25 - 2014-03-09 23:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-03 09:51 - 2014-04-13 09:12 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-13 09:12 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-13 09:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 03:16 - 2014-04-10 01:24 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 01:24 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 21:08 - 2014-03-30 21:08 - 00000000 _____ () C:\Users\prima\Sti_Trace.log
2014-03-30 21:08 - 2014-03-09 23:20 - 00000000 ____D () C:\Users\prima
2014-03-29 22:57 - 2014-03-29 22:54 - 00345581 _____ () C:\Users\prima\Desktop\gutschein mg.pptx
2014-03-29 21:42 - 2014-03-29 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 21:29 - 2014-03-29 21:29 - 00000000 ___RD () C:\Users\prima\AppData\Roaming\Brother
2014-03-27 15:17 - 2014-03-27 15:17 - 00000000 ____D () C:\Users\prima\AppData\Roaming\GoContactSyncMOD
2014-03-27 15:14 - 2014-03-09 23:20 - 00001425 _____ () C:\Users\prima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-27 15:14 - 2014-03-09 23:20 - 00000000 ___RD () C:\Users\prima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-27 15:14 - 2014-03-09 23:20 - 00000000 ___RD () C:\Users\prima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-27 15:00 - 2014-03-27 15:00 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-03-27 15:00 - 2014-03-27 15:00 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-03-27 14:56 - 2014-03-27 14:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 14:56 - 2014-03-27 14:28 - 00000050 _____ () C:\Windows\system32\bridf07a.dat
2014-03-27 14:56 - 2014-03-27 14:27 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-03-27 14:55 - 2014-03-27 14:55 - 00000000 ____D () C:\Users\annika\AppData\Roaming\InstallShield
2014-03-27 14:25 - 2014-03-27 14:25 - 00000000 ____D () C:\ProgramData\Brother
2014-03-27 14:24 - 2014-03-27 14:23 - 44631506 _____ (A.I.SOFT,INC.) C:\Users\prima\Downloads\465-INST-WIN7-A.EXE
2014-03-22 19:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-21 11:44 - 2014-03-21 11:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-21 11:44 - 2014-03-21 11:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-21 11:43 - 2014-03-21 11:43 - 13084896 _____ (Microsoft Corporation) C:\Users\prima\Downloads\Silverlight_x64.exe
2014-03-19 07:57 - 2014-03-11 04:32 - 00018792 _____ () C:\Windows\IE11_main.log
2014-03-19 07:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-19 07:51 - 2014-03-19 07:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-19 07:51 - 2014-03-19 07:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-19 07:51 - 2014-03-19 07:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-19 07:51 - 2014-03-19 07:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-19 07:51 - 2014-03-19 07:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-19 07:51 - 2014-03-19 07:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-19 07:50 - 2014-03-19 07:50 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-19 07:50 - 2014-03-19 07:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-19 07:50 - 2014-03-19 07:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-19 07:50 - 2014-03-19 07:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-19 07:50 - 2014-03-19 07:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-19 07:48 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-18 22:34 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\prima\Desktop\studien düren dysphagiefobi
2014-03-18 22:07 - 2014-03-18 22:06 - 00001594 _____ () C:\Windows\VPNInstall.MIF
2014-03-18 22:06 - 2014-03-18 22:06 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks
2014-03-18 22:06 - 2014-03-18 22:06 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2014-03-18 08:38 - 2014-03-09 18:28 - 00000000 ____D () C:\Users\annika
2014-03-17 22:27 - 2014-03-10 22:04 - 00000000 ____D () C:\Users\prima\AppData\Roaming\Foxit Software
2014-03-15 09:40 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 07:20 - 2014-03-11 05:06 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-14 07:57 - 2014-03-14 20:04 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\prima\AppData\Local\Temp\avgnt.exe
C:\Users\prima\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\prima\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by prima at 2014-04-13 12:01:22
Running from C:\Users\prima\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-135C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
GO Contact Sync Mod (HKLM-x32\...\{CD178FDD-086A-4C2E-935E-8CDB747B0F29}) (Version: 3.6.1 - WebGear, Create Software, Stru.be, saller.NET)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Presentation 0.70 08.19.03 (HKLM-x32\...\{0E7D9154-2E18-4371-9CF0-2F440C980DC7}) (Version: 70.08.19.03 - Neurobehavioral Systems, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 10:49:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 10:44:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:35:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5538

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5538

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4539

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4539

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 04:53:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3432


System errors:
=============
Error: (04/13/2014 10:48:50 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/13/2014 10:43:29 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/13/2014 09:35:02 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/12/2014 03:19:32 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/12/2014 02:42:42 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (04/11/2014 05:59:23 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/11/2014 05:59:23 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/11/2014 05:20:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (04/10/2014 11:08:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NBS Win2k-XP Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (04/10/2014 11:08:11 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PDRV.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (04/13/2014 10:49:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 10:44:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 09:35:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5538

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5538

Error: (04/12/2014 04:53:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4539

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4539

Error: (04/12/2014 04:53:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 04:53:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3432


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4061.02 MB
Available physical RAM: 2299.11 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 6217.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:32.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:69.64 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

deeprybka 13.04.2014 11:08
Ok. ;)
Bitte auf weitere Anweisungen warten.

primiprimi 13.04.2014 11:20
alles klar! ich warte

deeprybka 13.04.2014 13:27
Hallo,
wie ich gesehen habe, hast Du Dir http://filepony.de/icon/adwcleaner.pngAdwarecleaner nicht von der von uns empfohlenen Quelle geladen. Wir empfehlen diese hier. Am besten löschst Du diese Dateien:

Code:
C:\Users\prima\Desktop\AdwCleaner - CHIP-Downloader.exe
C:\Users\prima\Downloads\AdwCleaner - CHIP-Downloader.exe
und lädst Dir von der empfohlenen Quelle Adwarecleaner neu herunter.
Zudem solltest Du die Programme immer auf die Desktopoberfläche vom Administratorkonto laden und starten.
Die Dateien sind Benutzerprofile des Firefox und keine Malware.
Code:
[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\5j446y5x.default\prefs.js ]
[ Datei : C:\Users\annika\AppData\Roaming\Mozilla\Firefox\Profiles\qmlq7x7u.default\prefs.js ]
Wir machen zum Abschluss nur noch einen Kontrollscan:

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte poste mir das ESET-Log. Hinweis: Der Scan kann etwas länger dauern... ;)

primiprimi 13.04.2014 13:41
Ok, werde ich machen.

Wenn Firefox unbedenklich ist, was haltet ihr denn von diesen Dateien?:

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS

Muss ich mri da Sorgen machen, ist das Malware?

deeprybka 13.04.2014 13:45
;)

Hi,
schonmal geschaut von wo Du Adwarecleaner startest?

Code:
Gestartet von : C:\Users\annika\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner3023.exe
Keine Angst also, einfach meine Anweisungen von oben durchführen... :)

deeprybka 16.04.2014 10:36
Hi,

ich hab schon länger keine Antwort mehr von Dir erhalten. Brauchst Du noch Hilfe?

Hinweis: Sollte ich die nächsten 24h keine Nachricht von Dir bekommen, lösche ich das Thema aus meinen Abos und werde daher über Änderungen oder Beiträge nicht weiter informiert. Wenn Du weitermachen möchtest, schreib mir dann einfach eine PM.

:dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131