TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7)

qumaira · 03.12.2013, 21:37

Hallo,

Antivir findet bei mir immer wieder einen Trojaner TR/Patched.Ren.Gen.

Zitat:

Exportierte Ereignisse:

03.12.2013 20:38 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Windows\Temp\a1dec603-8488-417c-b247-55b5bc02406c\tmp00001827\tmp00008df5'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

03.12.2013 20:37 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Windows\Temp\a1dec603-8488-417c-b247-55b5bc02406c\tmp00001827\tmp00008d71'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ich habe schon mehrere Virenprogramme drüberlaufen lassen (AdAware, SpyBot), seitdem ich mir versehentlich mit einem angeblichen Java-Update mehrere unerwünschte Programme runtergeladen habe. Habe alles wieder deinstalliert, aber dieses Problem taucht immer noch auf.

Hier das Defogger disable Log (ich habe nicht wieder "enablet"):

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:50 on 03/12/2013 (Munira)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Das Log FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02
Ran by Munira (administrator) on HEXENKATZE on 03-12-2013 20:53:48
Running from C:\Users\Munira\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
() C:\Users\Munira\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2162008 2013-10-18] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Update Service] - C:\Program Files\Common Files\Teknum Systems\update.exe [19456 2013-01-20] (Teknum Systems AS)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Munira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2F457B8F-4310-4798-B3CE-D77BA09202D2} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira
FF NewTab: about:blank
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\dictcc.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [497744 2013-10-18] ()
R2 MSSQL$ACROSS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [132464 2010-03-16] (Samsung Electronics CO., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
R2 wgsslvpnsrc; C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2012-06-13] ()

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-26] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2011-10-24] (The OpenVPN Project)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Munira\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 20:53 - 2013-12-03 20:53 - 01092545 _____ (Farbar) C:\Users\Munira\Desktop\FRST.exe
2013-12-03 20:53 - 2013-12-03 20:53 - 00014008 _____ C:\Users\Munira\Desktop\FRST.txt
2013-12-03 20:50 - 2013-12-03 20:50 - 00000474 _____ C:\Users\Munira\Desktop\defogger_disable.log
2013-12-03 20:50 - 2013-12-03 20:50 - 00000000 _____ C:\Users\Munira\defogger_reenable
2013-12-03 20:49 - 2013-12-03 20:49 - 00050477 _____ C:\Users\Munira\Desktop\Defogger.exe
2013-12-02 20:53 - 2013-12-02 20:53 - 02347384 _____ (ESET) C:\Users\Munira\Desktop\esetsmartinstaller_enu.exe
2013-12-02 20:51 - 2013-12-02 20:51 - 00000000 ____D C:\Users\Munira\AppData\Local\adawarebp
2013-12-02 17:26 - 2013-12-02 17:26 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 17:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 17:23 - 2013-12-02 17:24 - 00014363 _____ C:\Users\Munira\Desktop\Addition.txt
2013-12-02 17:22 - 2013-12-02 17:22 - 00000000 ____D C:\FRST
2013-12-02 17:18 - 2013-12-02 17:18 - 00002011 _____ C:\Users\Munira\Desktop\JRT.txt
2013-12-02 17:15 - 2013-12-02 17:15 - 01034531 _____ (Thisisu) C:\Users\Munira\Desktop\JRT.exe
2013-12-02 17:15 - 2013-12-02 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 17:07 - 2013-12-02 17:08 - 00000000 ____D C:\AdwCleaner
2013-12-02 17:07 - 2013-12-02 17:07 - 01110034 _____ C:\Users\Munira\Desktop\adwcleaner.exe
2013-12-02 17:05 - 2013-12-02 17:05 - 00001131 _____ C:\Users\Munira\Desktop\Continue Zip Opener Installation.lnk
2013-12-02 15:43 - 2013-12-02 15:43 - 00016096 _____ C:\ComboFix.txt
2013-12-02 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 15:19 - 2013-12-02 15:19 - 00000000 ____D C:\Users\Munira\Documents\ProcAlyzer Dumps
2013-12-02 14:16 - 2006-09-29 05:56 - 00028248 ____R (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF.dll
2013-12-02 13:16 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 13:16 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 13:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 13:15 - 2013-12-02 15:43 - 00000000 ____D C:\Qoobox
2013-12-02 13:14 - 2013-12-02 15:41 - 00000000 ____D C:\Windows\erdnt
2013-12-02 13:12 - 2013-12-02 13:13 - 05151572 ____R (Swearware) C:\Users\Munira\Desktop\ComboFix.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 14:13 - 2013-11-26 14:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 14:13 - 2013-11-26 14:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 14:13 - 2013-11-26 14:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 14:13 - 2013-11-26 14:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 14:11 - 2013-11-26 14:15 - 00010956 _____ C:\Windows\IE11_main.log
2013-11-24 11:08 - 2013-11-24 11:08 - 00000943 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-11-24 11:08 - 2013-11-24 11:08 - 00000000 ____D C:\Program Files\SaalDesignSoftware
2013-11-22 09:18 - 2013-11-22 09:18 - 00155752 _____ C:\Users\Munira\Desktop\haekelschal.jpeg
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-18 12:21 - 2013-11-18 12:21 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 12:21 - 2013-11-18 12:21 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-17 16:04 - 2013-11-17 16:04 - 104695876 _____ C:\Windows\system32\꼥d
2013-11-15 20:33 - 2013-11-15 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:42 - 2013-11-15 18:42 - 104464595 _____ C:\Windows\system32\츹풡b
2013-11-14 20:01 - 2013-11-14 20:01 - 104278918 _____ C:\Windows\system32\Ḹ샜j
2013-11-14 11:49 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 11:49 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 11:49 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 11:49 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 11:49 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 11:49 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 11:49 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 11:49 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 11:49 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 11:49 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 11:49 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 11:49 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 11:49 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 11:49 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 11:49 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 11:49 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 11:49 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 11:49 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 06:59 - 2013-11-14 06:59 - 104179408 _____ C:\Windows\system32\䎉駍]
2013-11-13 19:16 - 2013-11-13 19:16 - 104136834 _____ C:\Windows\system32\䖟g
2013-11-12 08:25 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-11 10:38 - 2013-11-11 10:38 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:37 - 2013-11-11 10:38 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-11 10:37 - 2013-11-11 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:37 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iPod
2013-11-11 09:38 - 2013-11-11 09:38 - 00000680 _____ C:\Users\Munira\Desktop\wichteln.txt
2013-11-10 21:43 - 2013-11-10 21:43 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Lavasoft
2013-11-10 21:07 - 2009-06-10 22:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131110-210708.backup
2013-11-10 21:04 - 2013-11-10 21:04 - 00000000 ____D C:\Users\Munira\AppData\Roaming\LavasoftStatistics
2013-11-10 20:26 - 2013-11-10 20:26 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-11-10 20:25 - 2013-11-10 20:26 - 00000000 ____D C:\Program Files\Lavasoft
2013-11-10 20:24 - 2013-11-10 20:24 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-10 20:19 - 2013-12-02 15:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-10 20:19 - 2013-12-02 15:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-10 19:56 - 2013-11-10 19:56 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Roxio Log Files
2013-11-10 19:42 - 2013-11-10 19:42 - 00000000 ____D C:\Users\Munira\AppData\Local\Google
2013-11-09 19:37 - 2013-11-09 19:37 - 103387443 _____ C:\Windows\system32\Ꞥj
2013-11-05 07:31 - 2013-11-05 07:31 - 105017276 _____ C:\Windows\system32\濆詵`

==================== One Month Modified Files and Folders =======

2013-12-03 20:54 - 2013-12-03 20:53 - 00014008 _____ C:\Users\Munira\Desktop\FRST.txt
2013-12-03 20:53 - 2013-12-03 20:53 - 01092545 _____ (Farbar) C:\Users\Munira\Desktop\FRST.exe
2013-12-03 20:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 20:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 20:50 - 2013-12-03 20:50 - 00000474 _____ C:\Users\Munira\Desktop\defogger_disable.log
2013-12-03 20:50 - 2013-12-03 20:50 - 00000000 _____ C:\Users\Munira\defogger_reenable
2013-12-03 20:50 - 2010-06-04 21:59 - 00000000 ____D C:\Users\Munira
2013-12-03 20:49 - 2013-12-03 20:49 - 00050477 _____ C:\Users\Munira\Desktop\Defogger.exe
2013-12-03 20:31 - 2013-01-20 18:11 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat
2013-12-03 20:27 - 2010-06-11 17:07 - 00000000 ____D C:\Users\Munira\Documents\fofi
2013-12-03 20:23 - 2012-10-20 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 18:31 - 2010-06-07 15:08 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Skype
2013-12-03 17:35 - 2009-07-14 05:55 - 01725776 _____ C:\Windows\WindowsUpdate.log
2013-12-03 17:31 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 17:31 - 2009-07-14 05:39 - 00108132 _____ C:\Windows\setupact.log
2013-12-03 15:01 - 2013-03-26 16:07 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 07:00 - 2010-05-29 18:52 - 01658670 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 20:53 - 2013-12-02 20:53 - 02347384 _____ (ESET) C:\Users\Munira\Desktop\esetsmartinstaller_enu.exe
2013-12-02 20:51 - 2013-12-02 20:51 - 00000000 ____D C:\Users\Munira\AppData\Local\adawarebp
2013-12-02 20:50 - 2010-05-29 11:42 - 00143216 _____ C:\Windows\PFRO.log
2013-12-02 17:26 - 2013-12-02 17:26 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 17:24 - 2013-12-02 17:23 - 00014363 _____ C:\Users\Munira\Desktop\Addition.txt
2013-12-02 17:22 - 2013-12-02 17:22 - 00000000 ____D C:\FRST
2013-12-02 17:18 - 2013-12-02 17:18 - 00002011 _____ C:\Users\Munira\Desktop\JRT.txt
2013-12-02 17:15 - 2013-12-02 17:15 - 01034531 _____ (Thisisu) C:\Users\Munira\Desktop\JRT.exe
2013-12-02 17:15 - 2013-12-02 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 17:08 - 2013-12-02 17:07 - 00000000 ____D C:\AdwCleaner
2013-12-02 17:07 - 2013-12-02 17:07 - 01110034 _____ C:\Users\Munira\Desktop\adwcleaner.exe
2013-12-02 17:05 - 2013-12-02 17:05 - 00001131 _____ C:\Users\Munira\Desktop\Continue Zip Opener Installation.lnk
2013-12-02 15:43 - 2013-12-02 15:43 - 00016096 _____ C:\ComboFix.txt
2013-12-02 15:43 - 2013-12-02 13:15 - 00000000 ____D C:\Qoobox
2013-12-02 15:43 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-12-02 15:41 - 2013-12-02 13:14 - 00000000 ____D C:\Windows\erdnt
2013-12-02 15:40 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-12-02 15:23 - 2013-11-10 20:19 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-02 15:22 - 2013-11-10 20:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-02 15:19 - 2013-12-02 15:19 - 00000000 ____D C:\Users\Munira\Documents\ProcAlyzer Dumps
2013-12-02 13:13 - 2013-12-02 13:12 - 05151572 ____R (Swearware) C:\Users\Munira\Desktop\ComboFix.exe
2013-12-02 13:09 - 2010-06-07 14:31 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Adobe
2013-11-26 19:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-26 18:24 - 2010-06-07 15:07 - 00000000 ___RD C:\Program Files\Skype
2013-11-26 18:24 - 2010-06-07 15:07 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 18:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-26 14:15 - 2013-11-26 14:11 - 00010956 _____ C:\Windows\IE11_main.log
2013-11-26 14:13 - 2013-11-26 14:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 14:13 - 2013-11-26 14:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 14:13 - 2013-11-26 14:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 14:13 - 2013-11-26 14:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 14:13 - 2013-11-26 14:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-25 21:34 - 2010-06-07 15:01 - 00000000 ____D C:\Users\Munira\.gimp-2.6
2013-11-25 11:45 - 2010-07-30 16:50 - 00000000 ____D C:\Users\Munira\Documents\planung
2013-11-24 12:13 - 2010-07-30 16:14 - 00000000 ____D C:\Users\Munira\Documents\fotoszurentwicklung
2013-11-24 11:08 - 2013-11-24 11:08 - 00000943 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-11-24 11:08 - 2013-11-24 11:08 - 00000000 ____D C:\Program Files\SaalDesignSoftware
2013-11-24 11:08 - 2011-10-03 12:25 - 00000000 ____D C:\Users\Munira\AppData\Roaming\SaalDesignSoftware
2013-11-24 11:07 - 2011-10-03 12:24 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-11-22 11:50 - 2013-04-03 11:35 - 00000000 ____D C:\Users\Munira\AppData\Local\DoNotTrackPlus
2013-11-22 09:18 - 2013-11-22 09:18 - 00155752 _____ C:\Users\Munira\Desktop\haekelschal.jpeg
2013-11-21 15:16 - 2012-04-25 07:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-21 07:26 - 2013-10-16 09:53 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-19 15:55 - 2013-05-07 13:31 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 15:55 - 2013-03-26 16:07 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 15:55 - 2013-03-26 16:07 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-18 14:25 - 2013-08-18 16:00 - 00000000 ____D C:\Users\Munira\Desktop\forestfinance
2013-11-18 12:25 - 2010-06-11 14:02 - 00000000 ____D C:\Users\Munira\AppData\Local\Adobe
2013-11-18 12:24 - 2011-05-23 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-18 12:21 - 2013-11-18 12:21 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 12:21 - 2013-11-18 12:21 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-18 12:21 - 2012-10-20 11:36 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-18 12:21 - 2012-10-20 11:36 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-18 10:59 - 2010-10-27 15:48 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Canon
2013-11-17 16:04 - 2013-11-17 16:04 - 104695876 _____ C:\Windows\system32\꼥d
2013-11-15 20:33 - 2013-11-15 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:42 - 2013-11-15 18:42 - 104464595 _____ C:\Windows\system32\츹풡b
2013-11-14 20:01 - 2013-11-14 20:01 - 104278918 _____ C:\Windows\system32\Ḹ샜j
2013-11-14 14:10 - 2010-05-29 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 14:07 - 2013-08-15 14:42 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 14:04 - 2010-08-02 20:38 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 06:59 - 2013-11-14 06:59 - 104179408 _____ C:\Windows\system32\䎉駍]
2013-11-13 19:16 - 2013-11-13 19:16 - 104136834 _____ C:\Windows\system32\䖟g
2013-11-11 10:38 - 2013-11-11 10:38 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:38 - 2013-11-11 10:37 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-11 10:38 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:37 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iPod
2013-11-11 10:37 - 2010-11-26 10:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 09:38 - 2013-11-11 09:38 - 00000680 _____ C:\Users\Munira\Desktop\wichteln.txt
2013-11-11 05:50 - 2010-06-04 22:16 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 21:43 - 2013-11-10 21:43 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Lavasoft
2013-11-10 21:04 - 2013-11-10 21:04 - 00000000 ____D C:\Users\Munira\AppData\Roaming\LavasoftStatistics
2013-11-10 20:26 - 2013-11-10 20:26 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-11-10 20:26 - 2013-11-10 20:25 - 00000000 ____D C:\Program Files\Lavasoft
2013-11-10 20:24 - 2013-11-10 20:24 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-10 20:00 - 2010-05-29 19:01 - 00000000 ____D C:\Program Files\Creative
2013-11-10 20:00 - 2010-05-29 18:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 19:58 - 2013-01-20 17:06 - 00000000 ____D C:\Program Files\HandyBits
2013-11-10 19:58 - 2012-05-03 08:03 - 00000000 ____D C:\ProgramData\Screentime
2013-11-10 19:57 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-11-10 19:57 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-10 19:56 - 2013-11-10 19:56 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Roxio Log Files
2013-11-10 19:56 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-11-10 19:42 - 2013-11-10 19:42 - 00000000 ____D C:\Users\Munira\AppData\Local\Google
2013-11-09 19:37 - 2013-11-09 19:37 - 103387443 _____ C:\Windows\system32\Ꞥj
2013-11-05 07:31 - 2013-11-05 07:31 - 105017276 _____ C:\Windows\system32\濆詵`

Some content of TEMP:
====================
C:\Users\Munira\AppData\Local\Temp\avgnt.exe
C:\Users\Munira\AppData\Local\Temp\catchme.dll
C:\Users\Munira\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 12:34

==================== End Of Log ============================

--- --- ---

Das Log Addition:

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2013
Ran by Munira at 2013-12-02 17:23:47
Running from C:\Users\Munira\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
AAVUpdateManager (Version: 18.00.0000)
Accelerometer (Version: 1.06.08.33)
Across Personal Edition (Version: 5.00.0)
Ad-Aware Antivirus (Version: 11.0.4555.0)
AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.6)
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Professional (Version: 8.1.6)
Adobe AIR (Version: 3.9.0.1210)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Creative Suite 3 Design Premium (Version: 1.0)
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advanced Audio FX Engine (Version: 1.12.05)
AHV content for Acrobat and Flash (Version: 1)
Amazon Kindle
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
AntimalwareEngine (Version: 2.6.0.0)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audible Download Manager (Version: 6.6.0.12)
Avira Free Antivirus (Version: 14.0.1.749)
Bonjour (Version: 3.0.0.10)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery Manager (Version: 1.2.3)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 15.0.2.0)
Dell Webcam Central (Version: 1.40.05)
DW WLAN Card (Version: 5.60.18.34)
FreeCommander 2009.02a (Version: 2009.02)
FreeOCR 3.0 (Version: 3.0)
GIMP 2.6.11 (Version: 2.6.11)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 30 (Version: 6.0.300)
Kindle Previewer
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (ACROSS) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Partner (Version: 11.302.09.02.511)
Mobipocket Creator 4.2 (Version: 4.2.41)
Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (Version: 24.1.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PDF Settings (Version: 1.0)
PhotoME (Version: 0.79R17)
PhotoScape
PowerDVD DX (Version: 8.3.6029)
QuickSet32 (Version: 1.3.2)
QuickTime (Version: 7.74.80.86)
Saal Design Software (Version: 3.2.24)
Samsung Universal Print Driver
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.11 (Version: 6.11.102)
Steuer-Spar-Erklärung 2011 (Version: 16.09)
Steuer-Spar-Erklärung 2012 (Version: 17.05)
Steuer-Spar-Erklärung 2013 (Version: 18.04)
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Word 2007 Help (KB963665)
WatchGuard Mobile VPN with SSL client 11.6.0
Winamp (Version: 5.572 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

==================== Restore Points =========================

14-11-2013 13:04:14 Windows Update
18-11-2013 11:19:04 Installed Java 7 Update 45
19-11-2013 08:03:13 Windows Update
26-11-2013 06:07:16 Windows Update
26-11-2013 13:10:28 Windows Update
02-12-2013 12:18:13 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {12FAFD70-F241-4598-B0D3-975287FA90EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1B196BAF-DFDE-458E-A290-F113C45EB1D2} - System32\Tasks\{5603A90F-1F03-4437-8466-E6027166D0B6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {42C5E84A-D606-4D66-B942-2F7FC4307954} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-18 18:05 - 2013-10-18 18:05 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\pugixml.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 02038088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\RCF.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00107392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_filesystem-vc100-mt-1_53.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00021880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_system-vc100-mt-1_53.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00048000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_date_time-vc100-mt-1_53.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00086904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_thread-vc100-mt-1_53.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00405368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_locale-vc100-mt-1_53.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00227168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\HtmlFramework.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00232272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Logger.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00055128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\DllStorage.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00643952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTrayDefaultSkin.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00119640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Localization.dll
2013-10-18 18:05 - 2013-10-18 18:05 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\SQLite.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-04 14:36 - 2010-05-04 14:36 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2013-11-15 20:33 - 2013-11-15 20:33 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/12/2012 03:11:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7316 seconds with 3600 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 1910.68 MB
Available physical RAM: 695.18 MB
Total Pagefile: 3821.36 MB
Available Pagefile: 2051.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:91.82 GB) NTFS
Drive d: (Apr 06 2013) (CDROM) (Total:0.69 GB) (Free:0.59 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3876DA77)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Das Log GMER (wollte erst nicht durchlaufen, beim zweiten Mal ging es):

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-03 21:19:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Munira\AppData\Local\Temp\pfloyaow.sys


---- System - GMER 2.1 ----

SSDT            8E740EAE                                                                                    ZwCreateSection
SSDT            8E740EB8                                                                                    ZwRequestWaitReplyPort
SSDT            8E740EB3                                                                                    ZwSetContextThread
SSDT            8E740EBD                                                                                    ZwSetSecurityObject
SSDT            8E740EC2                                                                                    ZwSystemDebugControl
SSDT            8E740E4F                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                    82C3EA15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                      82C78212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                         82C7F58C 4 Bytes  [AE, 0E, 74, 8E] {SCASB ; PUSH CS; JZ 0xffffff92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                         82C7F92C 4 Bytes  [B3, 0E, 74, 8E] {MOV BL, 0xe; JZ 0xffffff92}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                         82C7F9A8 4 Bytes  [BD, 0E, 74, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                         82C7FA04 4 Bytes  [4F, 0E, 74, 8E] {DEC EDI; PUSH CS; JZ 0xffffff92}

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] kernel32.dll!FindResourceW     75545517 5 Bytes  JMP 0042B700 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] kernel32.dll!FindResourceA     7554A4BD 5 Bytes  JMP 0042B6C0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!LoadStringA         76CA66A7 5 Bytes  JMP 0042B990 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!LoadStringW         76CADFBA 5 Bytes  JMP 0042B8E0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!LoadMenuW           76CAF214 5 Bytes  JMP 0042B880 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!LoadMenuA           76CBF92C 5 Bytes  JMP 0042B820 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!CreateDialogParamA  76CC1F42 5 Bytes  JMP 0042B740 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[4040] user32.DLL!CreateDialogParamW  76CD5630 5 Bytes  JMP 0042B7B0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                     Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                     Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                    fltmgr.sys

---- EOF - GMER 2.1 ----

--- --- ---

Daneben habe ich noch Combofix, JRT und ADWCleaner installiert.
Viele Grüße

qumaira

cosinus · 03.12.2013, 21:52

Hallo und

Zitat:

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.6)
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Professional (Version: 8.1.6)

Ist das ein gewerblich genutztes System?

Zitat:

Daneben habe ich noch Combofix, JRT und ADWCleaner installiert.

Und mindestens auch Malwarebytes. Wo sind die Logs von MBAM, adwCleaner, JRT und Combofix?
Und wer hat dich angewiesen CF auszuführen, hier steht doch überall, dass es nicht auf eigene Faust gestartet werden soll

qumaira · 03.12.2013, 22:34

Hallo cosinus,

ich habe das ganze Adobe Paket in der Student Edition. Das ist mein Privatrechner.

Leider habe ich zu spät gelesen, dass man nichts auf eigene Faust tun soll. Ich habe nach dem Trojaner gegoogelt und verschiedene Tipps befolgt. Nachdem das nichts gebracht hat, hab ich mich erst hier registriert.

Die Log-Dateien der verschiedenen Programme habe ich leider nicht mehr, kann die Scans aber nochmal starten.

Außerdem muss ich noch erwähnen, dass ich alle Prozesse beendet und dann den Temp-Ordner komplett gelöscht habe. Daraufhin hat Avira den Trojaner im Papierkorb entdeckt. Keine Ahnung, ob das etwas gebracht hat.

Viele Grüße

qumaira

cosinus · 03.12.2013, 22:39

Schau mal bitte nach, Logs zu entsorgen per Hand macht wenig Sinn und ist recht aufwändig.

Combofix.txt müsste direkt auf C sein. Evtl findest du auch was im Ordner C:\Qoobox.
Malwarebytes und andere Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

qumaira · 03.12.2013, 23:10

Gesucht, gefunden - allerdings sind diese Logfiles schon von gestern.

Combofix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-12-01.01 - Munira 02.12.2013  15:28:29.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1911.669 [GMT 1:00]
ausgeführt von:: c:\users\Munira\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\terms.lnk.url
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-02 bis 2013-12-02  ))))))))))))))))))))))))))))))
.
.
2013-12-02 13:16 . 2006-09-29 04:56	28248	----a-r-	c:\windows\system32\AdobePDF.dll
2013-12-02 12:23 . 2013-12-02 12:23	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBDC7A9F-1CFD-4A8D-B770-21A48E84215F}\offreg.dll
2013-11-29 07:09 . 2013-11-08 01:15	7772552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBDC7A9F-1CFD-4A8D-B770-21A48E84215F}\mpengine.dll
2013-11-24 10:08 . 2013-11-24 10:08	--------	d-----w-	c:\program files\SaalDesignSoftware
2013-11-18 11:22 . 2013-11-18 11:22	--------	d-----w-	c:\programdata\Oracle
2013-11-18 11:22 . 2013-11-18 11:22	--------	d-----w-	c:\program files\Common Files\Java
2013-11-18 11:21 . 2013-11-18 11:21	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-11-12 07:25 . 2013-09-04 01:15	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-11-12 07:25 . 2013-09-04 01:14	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-11-12 07:25 . 2013-09-04 01:14	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-11-12 07:25 . 2013-09-04 01:14	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-11-12 07:25 . 2013-09-04 01:14	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-11-12 07:25 . 2013-09-04 01:14	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-11-12 07:25 . 2013-09-04 01:14	6016	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-11-11 09:37 . 2013-11-11 09:37	--------	d-----w-	c:\program files\iPod
2013-11-11 09:37 . 2013-11-11 09:38	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-11 09:37 . 2013-11-11 09:38	--------	d-----w-	c:\program files\iTunes
2013-11-10 20:43 . 2013-11-10 20:43	--------	d-----w-	c:\users\Munira\AppData\Roaming\Lavasoft
2013-11-10 19:26 . 2013-11-10 19:26	--------	d-----w-	c:\users\Munira\AppData\Local\adawarebp
2013-11-10 19:26 . 2013-11-10 19:26	--------	d-----w-	c:\programdata\blekko toolbars
2013-11-10 19:26 . 2013-11-10 19:26	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-11-10 19:26 . 2013-11-10 19:26	--------	d-----w-	c:\program files\Toolbar Cleaner
2013-11-10 19:25 . 2013-11-10 19:26	--------	d-----w-	c:\program files\Lavasoft
2013-11-10 19:24 . 2013-11-10 19:24	--------	d-----w-	c:\program files\Common Files\Lavasoft
2013-11-10 19:22 . 2013-11-10 19:22	--------	d-----w-	c:\programdata\Lavasoft
2013-11-10 19:19 . 2013-12-02 14:22	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-11-10 19:19 . 2013-12-02 14:23	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-11-10 18:56 . 2013-11-10 18:56	--------	d-sh--we	c:\windows\system32\config\systemprofile\Startmenü
2013-11-10 18:56 . 2013-11-10 18:56	--------	d-----w-	c:\users\Munira\AppData\Roaming\Roxio Log Files
2013-11-10 18:46 . 2013-11-10 18:46	--------	d-----w-	c:\program files\Uninstaller
2013-11-10 18:43 . 2013-11-10 19:02	--------	d-----w-	c:\program files\MyPC Backup
2013-11-10 18:43 . 2013-11-10 19:13	--------	d-----w-	c:\program files\Optimizer Pro
2013-11-10 18:43 . 2013-11-10 18:43	--------	d-----w-	c:\users\Munira\AppData\Local\Programs
2013-11-10 18:42 . 2013-11-10 18:42	--------	d-----w-	c:\users\Munira\AppData\Roaming\DealPly
2013-11-10 18:42 . 2013-11-10 18:42	--------	d-----w-	c:\users\Munira\AppData\Local\Google
2013-11-10 18:41 . 2013-11-10 18:41	--------	d-----w-	c:\program files\SearchProtect
2013-11-10 18:41 . 2013-11-10 18:41	--------	d-----w-	c:\users\Munira\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-02 14:26 . 2013-01-20 17:11	29	----a-w-	c:\windows\system32\TempWmicBatchFile.bat
2013-11-19 14:55 . 2013-05-07 12:31	67680	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-19 14:55 . 2013-03-26 15:07	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-19 14:55 . 2013-03-26 15:07	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-19 14:55 . 2013-03-26 15:07	137208	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-11-18 11:24 . 2011-05-23 06:51	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 04:50 . 2010-06-04 21:16	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-09-14 00:48 . 2013-10-13 16:44	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-13 16:44	1294272	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-13 16:44	231424	----a-w-	c:\windows\system32\mswsock.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-10-31 18:22	116248	----a-w-	c:\program files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-10-31 116248]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2013-01-20 19456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-05 495708]
"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-11-19 683576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-18 2162008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Munira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2012-06-12 101376]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-16 132464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-19 37352]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-11-19 440376]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-11-19 1164360]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2012-11-28 23552]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 497744]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-02 41648]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 11:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=08832fd1-7845-3081-413d-bef63c3d5fcc&searchtype=ds&q={searchTerms}&installDate=10/11/2013
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-02  15:43:17
ComboFix-quarantined-files.txt  2013-12-02 14:43
.
Vor Suchlauf: 14 Verzeichnis(se), 98.352.820.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 98.703.044.608 Bytes frei
.
- - End Of File - - 9B3CDCA63066AD7B25C6A99B1AF539EF

--- --- ---
5C616939100B85E558DA92B899A0FC36
[/QUOTE]

JRT:

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Munira on 02.12.2013 at 17:15:49,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1073F54-002B-42DD-ADB1-A6099229BD5C}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Munira\appdata\local\adawarebp"
Successfully deleted: [Empty Folder] C:\Users\Munira\appdata\local\{9B39C221-A4B9-41D0-8658-8E23CA999A68}
Successfully deleted: [Empty Folder] C:\Users\Munira\appdata\local\{EDC211E0-EFD5-4BA8-8C04-8A859EAB3C10}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Munira\AppData\Roaming\mozilla\firefox\profiles\peb56947.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted: [Folder] C:\Users\Munira\AppData\Roaming\mozilla\firefox\profiles\m5i4lydh.Munira\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Munira\AppData\Roaming\mozilla\firefox\profiles\m5i4lydh.Munira\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Munira\AppData\Roaming\mozilla\firefox\profiles\m5i4lydh.Munira\minidumps [366 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2013 at 17:18:14,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes:

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.02.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Munira :: HEXENKATZE [Administrator]

02.12.2013 17:37:44
mbam-log-2013-12-02 (17-37-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390230
Laufzeit: 1 Stunde(n), 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Munira\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.JumpyApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-2832443122-2223555467-674166490-1000\$R85GZZL.exe (PUP.Optional.JumpyApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Beim ADWCleaner scheint nix da zu sein (Log-Symbol ist nicht klickbar) (?)

Viele Grüße
qumaira

Ach ja, das Zipopenerding, das Malwarebytes da gefunden hat, hab ich noch versehentlich bei FilePony runtergeladen

Das sollte aber hoffentlich weg sein.

cosinus · 03.12.2013, 23:16

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

qumaira · 04.12.2013, 11:03

Hallo cosinus,

das Programm sagt "Congratulations, no cleanup is required! Scan finished: No malware found!"

Soll ich es trotzdem ein zweites Mal durchlaufen lassen?

Viele Grüße

qumaira

cosinus · 04.12.2013, 11:17

Ein Frisches FRST-Log bitte

qumaira · 04.12.2013, 11:20

Hier kommt es:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02
Ran by Munira (administrator) on HEXENKATZE on 04-12-2013 11:19:20
Running from C:\Users\Munira\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-05] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2162008 2013-10-18] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Update Service] - [x]
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
Startup: C:\Users\Munira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2F457B8F-4310-4798-B3CE-D77BA09202D2} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira
FF NewTab: about:blank
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\dictcc.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\linguee-de-en.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\Munira\AppData\Roaming\Mozilla\Firefox\Profiles\m5i4lydh.Munira\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-30] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [497744 2013-10-18] ()
R2 MSSQL$ACROSS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [132464 2010-03-16] (Samsung Electronics CO., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe [229458 2010-01-05] (IDT, Inc.)
R2 wgsslvpnsrc; C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2012-06-13] ()

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-26] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2011-10-24] (The OpenVPN Project)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Munira\AppData\Local\Temp\catchme.sys [x]
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [105176 2013-12-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 11:19 - 2013-12-04 11:19 - 00013588 _____ C:\Users\Munira\Desktop\FRST.txt
2013-12-04 07:23 - 2013-12-04 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-04 07:23 - 2013-12-04 07:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-04 07:04 - 2013-12-04 11:04 - 00000000 ____D C:\Users\Munira\Desktop\mbar
2013-12-04 07:04 - 2013-12-04 07:22 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-04 07:03 - 2013-12-04 07:03 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Munira\Desktop\mbar-1.07.0.1007.exe
2013-12-03 20:56 - 2013-12-03 20:56 - 00377856 _____ C:\Users\Munira\Desktop\gmer_2.1.19163.exe
2013-12-03 20:53 - 2013-12-03 20:53 - 01092545 _____ (Farbar) C:\Users\Munira\Desktop\FRST.exe
2013-12-03 20:50 - 2013-12-03 20:50 - 00000000 _____ C:\Users\Munira\defogger_reenable
2013-12-03 20:49 - 2013-12-03 20:49 - 00050477 _____ C:\Users\Munira\Desktop\Defogger.exe
2013-12-02 20:53 - 2013-12-02 20:53 - 02347384 _____ (ESET) C:\Users\Munira\Desktop\esetsmartinstaller_enu.exe
2013-12-02 20:51 - 2013-12-02 20:51 - 00000000 ____D C:\Users\Munira\AppData\Local\adawarebp
2013-12-02 17:26 - 2013-12-02 17:26 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 17:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 17:22 - 2013-12-02 17:22 - 00000000 ____D C:\FRST
2013-12-02 17:15 - 2013-12-02 17:15 - 01034531 _____ (Thisisu) C:\Users\Munira\Desktop\JRT.exe
2013-12-02 17:15 - 2013-12-02 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 17:07 - 2013-12-02 17:08 - 00000000 ____D C:\AdwCleaner
2013-12-02 17:07 - 2013-12-02 17:07 - 01110034 _____ C:\Users\Munira\Desktop\adwcleaner.exe
2013-12-02 15:43 - 2013-12-02 15:43 - 00016096 _____ C:\ComboFix.txt
2013-12-02 15:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 15:19 - 2013-12-02 15:19 - 00000000 ____D C:\Users\Munira\Documents\ProcAlyzer Dumps
2013-12-02 14:16 - 2006-09-29 05:56 - 00028248 ____R (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF.dll
2013-12-02 13:16 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 13:16 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 13:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 13:16 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 13:15 - 2013-12-02 15:43 - 00000000 ____D C:\Qoobox
2013-12-02 13:14 - 2013-12-02 15:41 - 00000000 ____D C:\Windows\erdnt
2013-12-02 13:12 - 2013-12-02 13:13 - 05151572 ____R (Swearware) C:\Users\Munira\Desktop\ComboFix.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 14:13 - 2013-11-26 14:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 14:13 - 2013-11-26 14:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 14:13 - 2013-11-26 14:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 14:13 - 2013-11-26 14:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 14:11 - 2013-11-26 14:15 - 00010956 _____ C:\Windows\IE11_main.log
2013-11-24 11:08 - 2013-11-24 11:08 - 00000943 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-11-24 11:08 - 2013-11-24 11:08 - 00000000 ____D C:\Program Files\SaalDesignSoftware
2013-11-22 09:18 - 2013-11-22 09:18 - 00155752 _____ C:\Users\Munira\Desktop\haekelschal.jpeg
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-18 12:21 - 2013-11-18 12:21 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 12:21 - 2013-11-18 12:21 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-17 16:04 - 2013-11-17 16:04 - 104695876 _____ C:\Windows\system32\꼥d
2013-11-15 20:33 - 2013-11-15 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:42 - 2013-11-15 18:42 - 104464595 _____ C:\Windows\system32\츹풡b
2013-11-14 20:01 - 2013-11-14 20:01 - 104278918 _____ C:\Windows\system32\Ḹ샜j
2013-11-14 11:49 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 11:49 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 11:49 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 11:49 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 11:49 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 11:49 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 11:49 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 11:49 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 11:49 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 11:49 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 11:49 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 11:49 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 11:49 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 11:49 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 11:49 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 11:49 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 11:49 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 11:49 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 06:59 - 2013-11-14 06:59 - 104179408 _____ C:\Windows\system32\䎉駍]
2013-11-13 19:16 - 2013-11-13 19:16 - 104136834 _____ C:\Windows\system32\䖟g
2013-11-12 08:25 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-12 08:25 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-11 10:38 - 2013-11-11 10:38 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:37 - 2013-11-11 10:38 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-11 10:37 - 2013-11-11 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:37 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iPod
2013-11-11 09:38 - 2013-11-11 09:38 - 00000680 _____ C:\Users\Munira\Desktop\wichteln.txt
2013-11-10 21:43 - 2013-11-10 21:43 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Lavasoft
2013-11-10 21:07 - 2009-06-10 22:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131110-210708.backup
2013-11-10 21:04 - 2013-11-10 21:04 - 00000000 ____D C:\Users\Munira\AppData\Roaming\LavasoftStatistics
2013-11-10 20:26 - 2013-11-10 20:26 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-11-10 20:25 - 2013-11-10 20:26 - 00000000 ____D C:\Program Files\Lavasoft
2013-11-10 20:24 - 2013-11-10 20:24 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-10 20:19 - 2013-12-02 15:23 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-10 20:19 - 2013-12-02 15:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-10 19:56 - 2013-11-10 19:56 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Roxio Log Files
2013-11-10 19:42 - 2013-11-10 19:42 - 00000000 ____D C:\Users\Munira\AppData\Local\Google
2013-11-09 19:37 - 2013-11-09 19:37 - 103387443 _____ C:\Windows\system32\Ꞥj
2013-11-05 07:31 - 2013-11-05 07:31 - 105017276 _____ C:\Windows\system32\濆詵`

==================== One Month Modified Files and Folders =======

2013-12-04 11:20 - 2010-06-07 15:08 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Skype
2013-12-04 11:19 - 2013-12-04 11:19 - 00013588 _____ C:\Users\Munira\Desktop\FRST.txt
2013-12-04 11:04 - 2013-12-04 07:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-04 11:04 - 2013-12-04 07:04 - 00000000 ____D C:\Users\Munira\Desktop\mbar
2013-12-04 11:00 - 2010-05-29 18:52 - 01658670 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 10:58 - 2013-01-20 18:11 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat
2013-12-04 10:58 - 2012-10-20 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 08:33 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 08:33 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 08:28 - 2009-07-14 05:55 - 01759845 _____ C:\Windows\WindowsUpdate.log
2013-12-04 07:23 - 2013-12-04 07:23 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-04 07:22 - 2013-12-04 07:04 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-04 07:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 07:19 - 2009-07-14 05:39 - 00108985 _____ C:\Windows\setupact.log
2013-12-04 07:03 - 2013-12-04 07:03 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Munira\Desktop\mbar-1.07.0.1007.exe
2013-12-03 20:58 - 2010-06-11 17:07 - 00000000 ____D C:\Users\Munira\Documents\fofi
2013-12-03 20:56 - 2013-12-03 20:56 - 00377856 _____ C:\Users\Munira\Desktop\gmer_2.1.19163.exe
2013-12-03 20:53 - 2013-12-03 20:53 - 01092545 _____ (Farbar) C:\Users\Munira\Desktop\FRST.exe
2013-12-03 20:50 - 2013-12-03 20:50 - 00000000 _____ C:\Users\Munira\defogger_reenable
2013-12-03 20:50 - 2010-06-04 21:59 - 00000000 ____D C:\Users\Munira
2013-12-03 20:49 - 2013-12-03 20:49 - 00050477 _____ C:\Users\Munira\Desktop\Defogger.exe
2013-12-03 15:01 - 2013-03-26 16:07 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-02 20:53 - 2013-12-02 20:53 - 02347384 _____ (ESET) C:\Users\Munira\Desktop\esetsmartinstaller_enu.exe
2013-12-02 20:51 - 2013-12-02 20:51 - 00000000 ____D C:\Users\Munira\AppData\Local\adawarebp
2013-12-02 20:50 - 2010-05-29 11:42 - 00143216 _____ C:\Windows\PFRO.log
2013-12-02 17:26 - 2013-12-02 17:26 - 00001069 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-02 17:26 - 2013-12-02 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-02 17:22 - 2013-12-02 17:22 - 00000000 ____D C:\FRST
2013-12-02 17:15 - 2013-12-02 17:15 - 01034531 _____ (Thisisu) C:\Users\Munira\Desktop\JRT.exe
2013-12-02 17:15 - 2013-12-02 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 17:08 - 2013-12-02 17:07 - 00000000 ____D C:\AdwCleaner
2013-12-02 17:07 - 2013-12-02 17:07 - 01110034 _____ C:\Users\Munira\Desktop\adwcleaner.exe
2013-12-02 15:43 - 2013-12-02 15:43 - 00016096 _____ C:\ComboFix.txt
2013-12-02 15:43 - 2013-12-02 13:15 - 00000000 ____D C:\Qoobox
2013-12-02 15:43 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-12-02 15:41 - 2013-12-02 13:14 - 00000000 ____D C:\Windows\erdnt
2013-12-02 15:40 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-12-02 15:23 - 2013-11-10 20:19 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-02 15:22 - 2013-11-10 20:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-02 15:19 - 2013-12-02 15:19 - 00000000 ____D C:\Users\Munira\Documents\ProcAlyzer Dumps
2013-12-02 13:13 - 2013-12-02 13:12 - 05151572 ____R (Swearware) C:\Users\Munira\Desktop\ComboFix.exe
2013-12-02 13:09 - 2010-06-07 14:31 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Adobe
2013-11-26 19:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-26 18:24 - 2010-06-07 15:07 - 00000000 ___RD C:\Program Files\Skype
2013-11-26 18:24 - 2010-06-07 15:07 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 18:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-26 14:15 - 2013-11-26 14:11 - 00010956 _____ C:\Windows\IE11_main.log
2013-11-26 14:13 - 2013-11-26 14:13 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 14:13 - 2013-11-26 14:13 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 14:13 - 2013-11-26 14:13 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 14:13 - 2013-11-26 14:13 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 14:13 - 2013-11-26 14:13 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 14:13 - 2013-11-26 14:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 14:13 - 2013-11-26 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-25 21:34 - 2010-06-07 15:01 - 00000000 ____D C:\Users\Munira\.gimp-2.6
2013-11-25 11:45 - 2010-07-30 16:50 - 00000000 ____D C:\Users\Munira\Documents\planung
2013-11-24 12:13 - 2010-07-30 16:14 - 00000000 ____D C:\Users\Munira\Documents\fotoszurentwicklung
2013-11-24 11:08 - 2013-11-24 11:08 - 00000943 _____ C:\Users\Public\Desktop\SaalDesignSoftware.lnk
2013-11-24 11:08 - 2013-11-24 11:08 - 00000000 ____D C:\Program Files\SaalDesignSoftware
2013-11-24 11:08 - 2011-10-03 12:25 - 00000000 ____D C:\Users\Munira\AppData\Roaming\SaalDesignSoftware
2013-11-24 11:07 - 2011-10-03 12:24 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-11-22 11:50 - 2013-04-03 11:35 - 00000000 ____D C:\Users\Munira\AppData\Local\DoNotTrackPlus
2013-11-22 09:18 - 2013-11-22 09:18 - 00155752 _____ C:\Users\Munira\Desktop\haekelschal.jpeg
2013-11-21 15:16 - 2012-04-25 07:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-21 07:26 - 2013-10-16 09:53 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-11-19 15:55 - 2013-05-07 13:31 - 00067680 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 15:55 - 2013-03-26 16:07 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 15:55 - 2013-03-26 16:07 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-18 14:25 - 2013-08-18 16:00 - 00000000 ____D C:\Users\Munira\Desktop\forestfinance
2013-11-18 12:25 - 2010-06-11 14:02 - 00000000 ____D C:\Users\Munira\AppData\Local\Adobe
2013-11-18 12:24 - 2011-05-23 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 12:22 - 2013-11-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-18 12:21 - 2013-11-18 12:21 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-18 12:21 - 2013-11-18 12:21 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-18 12:21 - 2012-10-20 11:36 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-18 12:21 - 2012-10-20 11:36 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-18 10:59 - 2010-10-27 15:48 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Canon
2013-11-17 16:04 - 2013-11-17 16:04 - 104695876 _____ C:\Windows\system32\꼥d
2013-11-15 20:33 - 2013-11-15 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 18:42 - 2013-11-15 18:42 - 104464595 _____ C:\Windows\system32\츹풡b
2013-11-14 20:01 - 2013-11-14 20:01 - 104278918 _____ C:\Windows\system32\Ḹ샜j
2013-11-14 14:10 - 2010-05-29 18:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 14:07 - 2013-08-15 14:42 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 14:04 - 2010-08-02 20:38 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 06:59 - 2013-11-14 06:59 - 104179408 _____ C:\Windows\system32\䎉駍]
2013-11-13 19:16 - 2013-11-13 19:16 - 104136834 _____ C:\Windows\system32\䖟g
2013-11-11 10:38 - 2013-11-11 10:38 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 10:38 - 2013-11-11 10:37 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-11 10:38 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 10:37 - 2013-11-11 10:37 - 00000000 ____D C:\Program Files\iPod
2013-11-11 10:37 - 2010-11-26 10:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-11 09:38 - 2013-11-11 09:38 - 00000680 _____ C:\Users\Munira\Desktop\wichteln.txt
2013-11-11 05:50 - 2010-06-04 22:16 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 21:43 - 2013-11-10 21:43 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Lavasoft
2013-11-10 21:04 - 2013-11-10 21:04 - 00000000 ____D C:\Users\Munira\AppData\Roaming\LavasoftStatistics
2013-11-10 20:26 - 2013-11-10 20:26 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-11-10 20:26 - 2013-11-10 20:25 - 00000000 ____D C:\Program Files\Lavasoft
2013-11-10 20:24 - 2013-11-10 20:24 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-11-10 20:22 - 2013-11-10 20:22 - 00000000 ____D C:\ProgramData\Lavasoft
2013-11-10 20:00 - 2010-05-29 19:01 - 00000000 ____D C:\Program Files\Creative
2013-11-10 20:00 - 2010-05-29 18:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-10 19:58 - 2013-01-20 17:06 - 00000000 ____D C:\Program Files\HandyBits
2013-11-10 19:58 - 2012-05-03 08:03 - 00000000 ____D C:\ProgramData\Screentime
2013-11-10 19:57 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-11-10 19:57 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-11-10 19:56 - 2013-11-10 19:56 - 00000000 ____D C:\Users\Munira\AppData\Roaming\Roxio Log Files
2013-11-10 19:56 - 2010-05-29 18:55 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-11-10 19:42 - 2013-11-10 19:42 - 00000000 ____D C:\Users\Munira\AppData\Local\Google
2013-11-09 19:37 - 2013-11-09 19:37 - 103387443 _____ C:\Windows\system32\Ꞥj
2013-11-05 07:31 - 2013-11-05 07:31 - 105017276 _____ C:\Windows\system32\濆詵`

Some content of TEMP:
====================
C:\Users\Munira\AppData\Local\Temp\avgnt.exe
C:\Users\Munira\AppData\Local\Temp\catchme.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 12:34

==================== End Of Log ============================

--- --- ---

cosinus · 04.12.2013, 11:27

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

qumaira · 04.12.2013, 11:43

Hier schon mal die erste Logdatei von Malwarebytes, hat nix gefunden:

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Munira :: HEXENKATZE [Administrator]

04.12.2013 11:33:30
mbam-log-2013-12-04 (11-33-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214848
Laufzeit: 8 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 04.12.2013, 11:59

Ok...aber bitte CODE-Tags verwenden

qumaira · 04.12.2013, 12:11

Leider gerade wieder eine Meldung von Avira erhalten, dass der Trojaner gefunden wurde

Wieder im Windows-Temp-Ordner.

Ich lasse den ESET Scanner gleich laufen.

cosinus · 04.12.2013, 13:13

Avira bitte deaktivieren! Ein Aktivier Virenscanner verfälscht die Ergebnisse von MBAM und ESET!

qumaira · 04.12.2013, 13:50

Hier das Log vom Eset Scanner (Avira und Firewall waren deaktiviert):

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=17fcf363b6114e42b9cd2bdfbbd4a4e7
# engine=16129
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-04 12:20:12
# local_time=2013-12-04 01:20:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 26479 156830917 19239 0
# compatibility_mode=5893 16776573 100 94 26368 137790803 0 0
# scanned=188954
# found=0
# cleaned=0
# scan_time=3778

Malwarebytes lasse ich dann nochmal ohne Avira laufen.

PS: In eurer Eset-Anleitung ist ein Tippfehler (threads statt threats)

Log Malwarebytes ohne Antivir:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Munira :: HEXENKATZE [Administrator]

04.12.2013 13:41:59
mbam-log-2013-12-04 (13-41-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215144
Laufzeit: 7 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

04.12.2013, 11:17	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) - Standard$ TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) Ein Frisches FRST-Log bitte __________________ Logfiles bitte immer in CODE-Tags posten

04.12.2013, 11:59	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) - Standard$ TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) Ok...aber bitte CODE-Tags verwenden __________________ Logfiles bitte immer in CODE-Tags posten

04.12.2013, 13:13	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) - Standard$ TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7) Avira bitte deaktivieren! Ein Aktivier Virenscanner verfälscht die Ergebnisse von MBAM und ESET! __________________ Logfiles bitte immer in CODE-Tags posten

TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7)

Log-Analyse und Auswertung: TR/Patched.Ren.Gen in C:\Windows\Temp\ (Windows 7)