| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Habe ich Viren oder Trojaner auf meinem PC?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.05.2013, 17:11
| #1 |
 |  Habe ich Viren oder Trojaner auf meinem PC? Hallo! leider habe ich mehrere verschiedene Probleme, die sich unterschiedlich auf meinen PC auswirken und ich weiß auch nicht, ob da ein Zusammenhang besteht. Daher stelle ich eine kleine Liste zusammen und hoffe, dass Ihr mir helfen könnt. Vielen Dank! 1. Avira: 'Gruppenrichtlinie' 2. Malebytesantimaleware: 'Gruppenrichtlinie' Beide Programme lassen sich nicht aufrufen! Es erscheint jeweils eine Meldung, dass die Ausführung des jeweiligen Programms durch eine 'Gruppenrichtlinie' nicht möglich ist. Ich weiß auch nicht, ob die Programme noch auf dem Rechner sind, da sie nicht mehr in der Liste der Software-Programme auftauchen. 3. mit Maus markieren: Einfaches Markieren mit der Maus ist nicht möglich da die Markierung immer 'verspringt'! 4. Mausklick: bei einem Einfachklick scheint es oft einen 'Doppel'-Klick zu machen! 5. Akzent: macht doppelten Akzent (z.B. ´´) bevor ich den dazugehörigen Vokal (z.B. e) eingeben kann! 6. Windows-Update: es bleibt immer ein nicht installiertes Update übrig mit dem Fehler-Code: 8004FF80 7. Nach dem Hochfahren des Computers kann ich oft nicht sofort Mozilla Thunderbird starten. Erst nach längerer Wartezeit lässt es sich starten und auch dann bockt es oft noch mit der Fehlermeldung: 'keine Rückmeldung'! Leider weiß ich nicht, ob es zwischen diesen diversen Problemen einen Zusammenhang gibt, aber ich wollte doch soweit mir bekannt alles angeben, was ich dazu mitteilen kann. Für eine Hilfe wäre ich sehr dankbar! P.S.: Leider konnte ich mir noch nicht das 'defogger' herunterladen, da ein kleines Fenster mit der Frage 'Disable' oder 'Re-enalbe' erscheint und ich nicht weiß, was ich da zuerst machen muss! Geändert von Bluebird55 (27.05.2013 um 17:20 Uhr) |
|
27.05.2013, 17:41
| #2 |
| /// the machine /// TB-Ausbilder    | Habe ich Viren oder Trojaner auf meinem PC? hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
27.05.2013, 19:08
| #3 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo Schrauber, danke erstmal! Hier das Ergebnis:
__________________Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2013 Ran by Friedrich at 2013-05-27 20:06:51 Run: Running from C:\Users\Friedrich\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acrobat.com (Version: 1.6.65) Adobe AIR (Version: 1.5.0.7220) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Advertising Center (Version: 0.0.0.2) Agatha Christie - Death on the Nile (Version: 2.2.0.95) Agent Ransack 2010 (64-bit) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) Apple Application Support (Version: 2.1.7) Bejeweled 2 Deluxe (Version: 2.2.0.95) Build-a-lot 2 (Version: 2.2.0.95) CCleaner (Version: 4.00) Chuzzle Deluxe (Version: 2.2.0.95) D3DX10 (Version: 15.4.2368.0902) Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95) DRIVERfighter (Version: 1.1.31) Efficient Diary 3.0 eMachines Game Console eMachines Games (Version: 1.0.1.3) eMachines Recovery Management (Version: 4.05.3013) eMachines Registration (Version: 1.03.3003) eMachines ScreenSaver (Version: 1.1.0825.2010) eMachines Updater (Version: 1.02.3001) Farm Frenzy (Version: 2.2.0.95) FATE (Version: 2.2.0.95) Fighters (Version: 4.1.265) Final Drive Nitro (Version: 2.2.0.95) Free Studio version 5.5.0 (Version: 5.5.0) Free YouTube Download version 3.1.39.1015 (Version: 3.1.39.1015) Free YouTube to MP3 Converter version 3.11.26.706 (Version: 3.11.26.706) FULL-DISKfighter (Version: 1.4.28) GIMP 2.6.8 Google Update Helper (Version: 1.3.21.111) Hotkey Utility (Version: 2.05.3009) Identity Card (Version: 1.00.3003) ImagXpress (Version: 7.0.74.0) Insaniquarium Deluxe (Version: 2.2.0.95) Internet-TV für Windows Media Center (Version: 4.2.2.0) Jardinains! Java(TM) 6 Update 29 (Version: 6.0.290) Java(TM) 6 Update 31 (Version: 6.0.310) Jewel Quest Solitaire 2 (Version: 2.2.0.95) John Deere Drive Green (Version: 2.2.0.95) Junk Mail filter update (Version: 15.4.3502.0922) Malwarebytes Anti-Malware Version 1.65.0.1400 (Version: 1.65.0.1400) map&guide base (Version: 1.05.00000) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft AutoRoute 2002 (Version: 9.00.17.0200) Microsoft Encarta Enzyklopädie 2002 (Version: 2002) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000) Microsoft Picture It! Foto 2002 (Version: 6.0.0.0000) Microsoft PowerPoint Viewer (Version: 14.0.6029.1000) Microsoft Security Client (Version: 4.1.0522.0) Microsoft Security Essentials (Version: 4.1.522.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Word 2002 (Version: 10.0.6626.0) Microsoft Works 2002-Setup-Start Microsoft Works 6.0 (Version: 06.00.0000) Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 2.0.0.0000) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1) Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1) Mozilla Maintenance Service (Version: 17.0.6) Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (Version: 1.0.1.2) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 9 Essentials Nero ControlCenter (Version: 9.0.0.1) Nero DiscSpeed (Version: 5.4.13.100) Nero DiscSpeed Help (Version: 5.4.4.100) Nero DriveSpeed (Version: 4.4.12.100) Nero DriveSpeed Help (Version: 4.4.4.100) Nero Express Help (Version: 9.4.37.100) Nero InfoTool (Version: 6.4.12.100) Nero InfoTool Help (Version: 6.4.4.100) Nero Installer (Version: 4.4.9.0) Nero Online Upgrade (Version: 1.3.0.0) Nero StartSmart (Version: 9.4.37.100) Nero StartSmart Help (Version: 9.4.27.100) Nero StartSmart OEM (Version: 9.15.0.100) NeroExpress (Version: 9.4.37.100) neroxml (Version: 1.0.0) Nokia Connectivity Cable Driver (Version: 7.1.101.0) Nokia Suite (Version: 3.7.22.0) NVIDIA Grafiktreiber 266.84 (Version: 266.84) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6684) NVIDIA Systemsteuerung 266.84 (Version: 266.84) OpenOffice.org 3.3 (Version: 3.3.9567) Opera 12.15 (Version: 12.15.1748) PC Connectivity Solution (Version: 12.0.76.0) Penguins! (Version: 2.2.0.95) PhotoScape Plants vs. Zombies (Version: 2.2.0.95) Polar Bowler (Version: 2.2.0.95) Polar Golfer (Version: 2.2.0.95) Realtek High Definition Audio Driver (Version: 6.0.1.6662) Shockwave SLOW-PCfighter (Version: 1.7.35) Sonnensystem 3.0 (Version: 1.0.0) SPYWAREfighter (Version: 4.1.265) Stellarium 0.11.4 (Version: 0.11.4) Teachmaster 4.3 (nur Entfernen) TuneUp Utilities 2012 (Version: 12.0.3600.73) TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95) VLC media player 2.0.6 (Version: 2.0.6) Welcome Center (Version: 1.02.3005) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Media Center Add-in for Silverlight (Version: 4.7.3.0) Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Intel USB (10/05/2012 9.1.9.1002) (Version: 10/05/2012 9.1.9.1002) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0) Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA (12/18/2012 1.3.23.1) (Version: 12/18/2012 1.3.23.1) Windows-Treiberpaket - Realtek (RTL8167) Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (Version: 06/19/2012 6.0.1.6662) Works Suite-Betriebssystem-Pack (Version: 1.0.0.0000) Works-Synchronisierung (Version: 1.0.0.0000) x-plugin-0 Zuma Deluxe (Version: 2.2.0.95) Zuma's Revenge (Version: 2.2.0.95) ==================== Restore Points ========================= 24-05-2013 18:23:35 Windows Update 27-05-2013 13:59:00 Wiederherstellungsvorgang 27-05-2013 15:05:49 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/27/2013 05:08:19 PM) (Source: Microsoft Security Client Setup) (User: MACK327) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/27/2013 05:08:09 PM) (Source: MsiInstaller) (User: MACK327) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/26/2013 10:23:50 PM) (Source: Application Hang) (User: ) Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d80 Startzeit: 01ce5a4ea23a6e53 Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 24426c1a-c642-11e2-b819-1078d2cc536b Error: (05/24/2013 09:19:32 PM) (Source: Application Hang) (User: ) Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 944 Startzeit: 01ce58b181db7fde Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: d8d04c3a-c4a6-11e2-aff2-1078d2cc536b Error: (05/24/2013 09:03:57 PM) (Source: Application Hang) (User: ) Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d94 Startzeit: 01ce58b132376ec3 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: ab264267-c4a4-11e2-aff2-1078d2cc536b Error: (05/24/2013 08:24:47 PM) (Source: Microsoft Security Client Setup) (User: NT-AUTORITÄT) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/24/2013 08:24:46 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. Error: (05/24/2013 08:23:34 PM) (Source: Application Hang) (User: ) Description: Programm thunderbird.exe, Version 17.0.6.4877 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 608 Startzeit: 01ce58a79b47838a Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 05e4d97f-c49f-11e2-9529-1078d2cc536b Error: (05/24/2013 07:55:48 PM) (Source: Microsoft Security Client Setup) (User: MACK327) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/24/2013 07:55:39 PM) (Source: MsiInstaller) (User: MACK327) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services. System errors: ============= Error: (05/27/2013 05:53:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (05/27/2013 05:09:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update for Microsoft Security Essentials - KB2804527 (4.2.223.1) Error: (05/27/2013 04:09:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (05/27/2013 04:07:06 PM) (Source: Microsoft Antimalware) (User: ) Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %24 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Signaturversion: 1.151.842.0;1.151.842.0 Modulversion: %600 Error: (05/27/2013 03:10:50 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (05/27/2013 03:10:49 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (05/27/2013 02:25:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (05/27/2013 00:09:03 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (05/26/2013 11:44:12 PM) (Source: Service Control Manager) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/26/2013 11:36:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (05/27/2013 05:08:19 PM) (Source: Microsoft Security Client Setup)(User: MACK327) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/27/2013 05:08:09 PM) (Source: MsiInstaller)(User: MACK327) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/26/2013 10:23:50 PM) (Source: Application Hang)(User: ) Description: thunderbird.exe17.0.6.4877d8001ce5a4ea23a6e5334C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe24426c1a-c642-11e2-b819-1078d2cc536b Error: (05/24/2013 09:19:32 PM) (Source: Application Hang)(User: ) Description: thunderbird.exe17.0.6.487794401ce58b181db7fde15C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exed8d04c3a-c4a6-11e2-aff2-1078d2cc536b Error: (05/24/2013 09:03:57 PM) (Source: Application Hang)(User: ) Description: thunderbird.exe17.0.6.4877d9401ce58b132376ec331C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeab264267-c4a4-11e2-aff2-1078d2cc536b Error: (05/24/2013 08:24:47 PM) (Source: Microsoft Security Client Setup)(User: NT-AUTORITÄT) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/24/2013 08:24:46 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/24/2013 08:23:34 PM) (Source: Application Hang)(User: ) Description: thunderbird.exe17.0.6.487760801ce58a79b47838a16C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe05e4d97f-c49f-11e2-9529-1078d2cc536b Error: (05/24/2013 07:55:48 PM) (Source: Microsoft Security Client Setup)(User: MACK327) Description: HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x8004FF80. Error: (05/24/2013 07:55:39 PM) (Source: MsiInstaller)(User: MACK327) Description: Product: Microsoft Security Client -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 4095.24 MB Available physical RAM: 2182.3 MB Total Pagefile: 8188.67 MB Available Pagefile: 6007.9 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (eMachines) (Fixed) (Total:916.91 GB) (Free:843.7 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0F7E7F14) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013 Ran by Friedrich (administrator) on 27-05-2013 20:05:32 Running from C:\Users\Friedrich\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE (Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation) HKCU\...\Run: [] [x] HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia) HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1480736 2013-03-29] (SPAMfighter ApS) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - xplugin - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Friedrich\AppData\Roaming\xplugin\toolbar.dll () Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File Handler: msdaipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS) S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation) R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-03-18] (SPAMfighter ApS) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x] R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x] S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x] ==================== Drivers (Whitelisted) ==================== R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software) R2 avgntflt; system32\DRIVERS\avgntflt.sys [x] R1 avipbb; system32\DRIVERS\avipbb.sys [x] R1 avkmgr; system32\DRIVERS\avkmgr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-27 20:05 - 2013-05-27 20:05 - 00000000 ____D C:\FRST 2013-05-27 20:04 - 2013-05-27 20:04 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 17:57 - 2013-05-27 17:57 - 00050477 ____A C:\Users\Friedrich\Downloads\Defogger.exe 2013-05-27 17:51 - 2013-05-27 17:51 - 00000056 ____A C:\Windows\setupact.log 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys 2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT 2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat 2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll 2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll 2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll 2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll 2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll 2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll 2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll 2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll 2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll 2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll 2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll 2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll 2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll 2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll 2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl 2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll 2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll 2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll 2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll 2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll 2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll 2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll 2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll 2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys 2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll 2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys 2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:53 - 2013-05-27 18:00 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job 2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-27 17:51 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV 2013-04-28 23:43 - 2013-04-29 20:30 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied 2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan 2013-04-27 14:19 - 2013-04-29 21:10 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures 2013-04-27 13:47 - 2013-04-27 13:48 - 00000000 ____D C:\Windows\Temp0B095ADC-70E4-20B4-1963-D2799FB171D2-Signatures ==================== One Month Modified Files and Folders ======= 2013-05-27 20:05 - 2013-05-27 20:05 - 00000000 ____D C:\FRST 2013-05-27 20:04 - 2013-05-27 20:04 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 20:00 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte 2013-05-27 19:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-27 18:00 - 2013-05-02 15:53 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job 2013-05-27 17:58 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-27 17:58 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-27 17:57 - 2013-05-27 17:57 - 00050477 ____A C:\Users\Friedrich\Downloads\Defogger.exe 2013-05-27 17:55 - 2012-09-08 01:35 - 01868839 ____A C:\Windows\WindowsUpdate.log 2013-05-27 17:53 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini 2013-05-27 17:51 - 2013-05-27 17:51 - 00000056 ____A C:\Windows\setupact.log 2013-05-27 17:51 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-27 17:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-27 16:06 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich 2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla 2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp 2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 23:34 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu 2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird 2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-18 21:56 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat 2013-05-18 21:56 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat 2013-05-18 21:56 - 2009-07-14 07:13 - 01521310 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6 2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google 2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google 2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de 2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11 2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM 2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073 2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA 2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-02 15:53 - 2012-11-03 12:50 - 00000000 ____D C:\Program Files (x86)\Fighters 2013-05-02 15:53 - 2011-11-10 00:53 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Fighters 2013-05-02 15:52 - 2011-11-10 00:51 - 00000000 ____D C:\ProgramData\Fighters 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV 2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures 2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied 2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan 2013-04-27 13:48 - 2013-04-27 13:47 - 00000000 ____D C:\Windows\Temp0B095ADC-70E4-20B4-1963-D2799FB171D2-Signatures ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-04-16 17:47 ==================== End Of Log ============================ |
|
27.05.2013, 19:18
| #4 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Fix mit FRST Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [] [x]
HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources)
SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x]
2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu
2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied
2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied
2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan
dann noch nen frischen Scan mit FRST bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.05.2013, 23:39
| #5 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo Schrauber, ich hoffe, dass hier sind die richtigen Daten aus der Datei: HKCU\...\Run: [] [x] HKCU\...\Run: [Rybearpye] C:\Users\Friedrich\AppData\Roaming\Qyynu\onis.exe [229888 2012-03-21] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) SearchScopes: HKCU - {DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c07f8587-d6ca-47e1-9882-df6556140c4b&apn_sauid=35394BE4-D0DB-41CB-B55D-389AAA2E4BDB Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No File Handler: msdaipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - FF Extension: IMinent Toolbar - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} FF Extension: movie2kdownloader - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi S2 HPSLPSVC; C:\Users\FRIEDR~1\AppData\Local\Temp\7zS2056\hpslpsvc64.dll [x] 2013-05-13 21:56 - 2013-05-22 23:34 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Azxeu 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Qyynu 2013-05-13 21:56 - 2013-05-13 21:56 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Mied 2013-04-29 20:30 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Emwied 2013-04-28 23:43 - 2013-04-28 23:43 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Awhan Danke und Gruß Bluebird |
|
28.05.2013, 08:05
| #6 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Das sieht nicht nach Fixlog aus. Schau bitte nochmal auf dem Desktop, wo auch FRST liegt. da müsste eine Fixlog.txt sein. Ebsnso bitte nochmal nen frischen Scan mit FRST machen.
__________________ --> Habe ich Viren oder Trojaner auf meinem PC? |
|
28.05.2013, 13:28
| #7 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo! Ist es diese: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013 Ran by Friedrich at 2013-05-28 14:19:08 Run:2 Running from C:\Users\Friedrich\Downloads Boot Mode: Normal ============================================== HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Rybearpye => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} => Key not found. HKCR\CLSID\{DFE479D3-C985-4C4F-B631-AAC8F63DFD2B} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} => Value not found. HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} => Key not found. HKCR\PROTOCOLS\Handler\msdaipp => Key not found. HKCR\Wow6432Node\PROTOCOLS\Handler\msdaipp => Key not found. C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} not found. C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi not found. HPSLPSVC => Service not found. C:\Users\Friedrich\AppData\Roaming\Azxeu => Moved successfully. C:\Users\Friedrich\AppData\Roaming\Qyynu => File/Directory not found. C:\Users\Friedrich\AppData\Roaming\Mied => File/Directory not found. C:\Users\Friedrich\AppData\Roaming\Emwied => File/Directory not found. C:\Users\Friedrich\AppData\Roaming\Awhan => File/Directory not found. ==== End of Fixlog ==== Und dann noch einmal die neue FRST... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013 Ran by Friedrich (administrator) on 28-05-2013 14:24:59 Running from C:\Users\Friedrich\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE (Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation) HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia) HKCU\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe [x] HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1480736 2013-03-29] (SPAMfighter ApS) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - xplugin - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Friedrich\AppData\Roaming\xplugin\toolbar.dll () Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS) S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation) R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1281568 2013-03-18] (SPAMfighter ApS) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x] R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x] ==================== Drivers (Whitelisted) ==================== R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software) R2 avgntflt; system32\DRIVERS\avgntflt.sys [x] R1 avipbb; system32\DRIVERS\avipbb.sys [x] R1 avkmgr; system32\DRIVERS\avkmgr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log 2013-05-28 14:08 - 2013-05-28 14:08 - 00001165 ____A C:\Users\Friedrich\Desktop\FRST64 - Verknüpfung.lnk 2013-05-28 13:48 - 2013-05-28 13:48 - 00039351 ____A C:\Users\Friedrich\Desktop\FRST.txt 2013-05-28 13:47 - 2013-05-28 14:10 - 00001617 ____A C:\Users\Friedrich\Desktop\Fixlist.txt 2013-05-27 20:06 - 2013-05-27 20:07 - 00019134 ____A C:\Users\Friedrich\Downloads\Addition.txt 2013-05-27 20:05 - 2013-05-28 14:12 - 00000000 ____D C:\FRST 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 17:51 - 2013-05-28 14:14 - 00000448 ____A C:\Windows\setupact.log 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys 2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT 2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat 2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll 2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll 2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll 2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll 2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll 2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll 2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll 2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll 2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll 2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll 2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll 2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll 2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll 2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll 2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl 2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll 2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll 2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll 2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll 2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll 2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll 2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll 2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll 2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys 2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll 2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys 2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:53 - 2013-05-28 14:18 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job 2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-28 14:14 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV ==================== One Month Modified Files and Folders ======= 2013-05-28 14:24 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte 2013-05-28 14:22 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-28 14:22 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-28 14:18 - 2013-05-02 15:53 - 00000406 ____A C:\Windows\Tasks\DRIVERfighter Auto Start.job 2013-05-28 14:18 - 2012-09-08 01:35 - 01920263 ____A C:\Windows\WindowsUpdate.log 2013-05-28 14:16 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini 2013-05-28 14:14 - 2013-05-27 17:51 - 00000448 ____A C:\Windows\setupact.log 2013-05-28 14:14 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-28 14:14 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log 2013-05-28 14:12 - 2013-05-27 20:05 - 00000000 ____D C:\FRST 2013-05-28 14:10 - 2013-05-28 13:47 - 00001617 ____A C:\Users\Friedrich\Desktop\Fixlist.txt 2013-05-28 14:08 - 2013-05-28 14:08 - 00001165 ____A C:\Users\Friedrich\Desktop\FRST64 - Verknüpfung.lnk 2013-05-28 13:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-28 13:48 - 2013-05-28 13:48 - 00039351 ____A C:\Users\Friedrich\Desktop\FRST.txt 2013-05-27 20:07 - 2013-05-27 20:06 - 00019134 ____A C:\Users\Friedrich\Downloads\Addition.txt 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-27 16:06 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich 2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla 2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp 2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird 2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-18 21:56 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat 2013-05-18 21:56 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat 2013-05-18 21:56 - 2009-07-14 07:13 - 01521310 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6 2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google 2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google 2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de 2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11 2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM 2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073 2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA 2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-02 15:53 - 2012-11-03 12:50 - 00000000 ____D C:\Program Files (x86)\Fighters 2013-05-02 15:53 - 2011-11-10 00:53 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\Fighters 2013-05-02 15:52 - 2011-11-10 00:51 - 00000000 ____D C:\ProgramData\Fighters 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV 2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-04-16 17:47 ==================== End Of Log ============================ Hoffe, du kommst jetzt weiter! Danke! Gruß Bluebird |
|
28.05.2013, 15:10
| #8 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
Und ein frisches FRST Scanlog. Wie läuft der Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2013, 18:37
| #9 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo Schrauber, hier das Ergebnis von adwcleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 28/05/2013 um 19:25:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Friedrich - MACK327
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Friedrich\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : IBUpdaterService
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\StartWeb.xml
Datei Gelöscht : C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Users\Friedrich\Desktop\Check for Updates.lnk
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\IMinent toolbar
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Friedrich\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Friedrich\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\xplugin
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={60F2140C-C7BA-11E2-AFF7-1078D2CC536B} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={60F2140C-C7BA-11E2-AFF7-1078D2CC536B} --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\prefs.js
C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.15.1748.0
Datei : C:\Users\Friedrich\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12540 octets] - [28/05/2013 19:25:43]
########## EOF - C:\AdwCleaner[S1].txt - [12601 octets] ##########
Ich muss jetzt doch sicherheitshalber lieber nochmal fragen: Welche Schutzsoftware sollte ich denn ausschalten? - Windows Firewall? - Microsoft Security Essentials? Und evtl. auch noch andere Tools von TuneUp Utilities und Spywarefighter? Möchte nichts falsch machen! Danke! LG Bluebird |
|
28.05.2013, 21:02
| #10 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Spywarefighter und MSE reicht 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.05.2013, 01:22
| #11 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo Schrauber, hier die JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Friedrich on 28.05.2013 at 22:25:11,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] suite service Successfully deleted: [Service] suite service ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim ~~~ Files Successfully deleted: [File] "C:\Windows\tasks\driverfighter auto start.job" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\Friedrich\AppData\Roaming\fighters" Successfully deleted: [Folder] "C:\Program Files (x86)\fighters" Successfully deleted: [Folder] "C:\Program Files (x86)\wiseconvert" Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{072307CD-2EBD-404C-9E69-799C1572A4CA} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{20DFC76E-9229-4E70-BC32-D1D1E25E0721} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{3D45D6F4-1190-496D-915E-BA69295C80C2} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{4E5403ED-07E1-4C99-AF24-99AB32B135A3} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{A5CE8088-BF03-429C-B966-0213FA62BABB} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{A6401F25-AA0A-4207-BB71-5286306DCFC5} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{BB5CC51A-2B41-4691-9D49-6D054E7483D6} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{C5D851C1-D6B0-4860-A347-7842CB61D220} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{E7B4DCD3-E109-4811-AF1A-9733341A13C9} Successfully deleted: [Empty Folder] C:\Users\Friedrich\appdata\local\{EDAE00AC-1E56-4ED9-A44F-C39B7FBBB4F7} ~~~ FireFox Emptied folder: C:\Users\Friedrich\AppData\Roaming\mozilla\firefox\profiles\h89tyrh8.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.05.2013 at 22:28:51,32 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ESET Online Scann log.txt: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=e339cae2d40c194886232465e98ee673 # engine=13941 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-28 11:52:58 # local_time=2013-05-29 01:52:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 33205959 121415028 0 0 # scanned=231745 # found=1 # cleaned=0 # scan_time=11796 sh=28716BB63D3BDE348C6DAD2AA408F98DDFFFB094 ft=1 fh=7ecac49c5bc1bafb vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\FRST\Quarantine\Qyynu\onis.exe" Und die erneut durchgeführte FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013 Ran by Friedrich (administrator) on 29-05-2013 02:17:48 Running from C:\Users\Friedrich\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited) C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation) HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia) HKCU\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe [x] HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () IMEO: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IMEO\nokiasuite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" Startup: C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Flagfox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF Extension: ReminderFox - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} FF Extension: text2voice - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\text2voice@vik.josh.xpi FF Extension: No Name - C:\Users\Friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\h89tyrh8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG) S3 Common Toolkit 2; C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [338432 2013-04-08] (SPAMfighter ApS) S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) S4 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 AV Engine Scanning Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x] R2 AV Watch Service; C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x] ==================== Drivers (Whitelisted) ==================== R3 AVFSFilter; C:\Windows\System32\DRIVERS\avfsfilter.sys [13720 2012-09-17] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software) R2 avgntflt; system32\DRIVERS\avgntflt.sys [x] R1 avipbb; system32\DRIVERS\avipbb.sys [x] R1 avkmgr; system32\DRIVERS\avkmgr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-29 02:17 - 2013-05-29 02:17 - 01915774 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe 2013-05-28 22:33 - 2013-05-28 22:33 - 02347384 ____A (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe 2013-05-28 22:28 - 2013-05-28 22:28 - 00002590 ____A C:\Users\Friedrich\Desktop\JRT.txt 2013-05-28 22:25 - 2013-05-28 22:25 - 00000000 ____D C:\Windows\ERUNT 2013-05-28 22:22 - 2013-05-28 22:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Friedrich\Downloads\JRT.exe 2013-05-28 22:22 - 2013-05-28 22:22 - 00000000 ____D C:\JRT 2013-05-28 19:28 - 2013-05-28 19:28 - 00000000 ____D C:\ProgramData\Preventon 2013-05-28 19:25 - 2013-05-28 19:27 - 00012637 ____A C:\AdwCleaner[S1].txt 2013-05-28 19:21 - 2013-05-28 19:22 - 00632031 ____A C:\Users\Friedrich\Downloads\adwcleaner.exe 2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-05-28 19:17 - 2013-05-16 14:32 - 01277744 ____A C:\Windows\System32\dmwu.exe 2013-05-28 19:17 - 2013-05-16 14:31 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll 2013-05-28 14:52 - 2013-05-28 22:30 - 00000000 ____D C:\Users\Friedrich\Downloads\Trojaner Board 2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log 2013-05-27 20:06 - 2013-05-27 20:07 - 00019134 ____A C:\Users\Friedrich\Documents\Addition.txt 2013-05-27 20:05 - 2013-05-28 14:12 - 00000000 ____D C:\FRST 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 17:51 - 2013-05-28 19:29 - 00000616 ____A C:\Windows\setupact.log 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-24 20:24 - 2013-05-27 16:04 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 16:37 - 2013-05-22 16:38 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-18 21:51 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-18 21:51 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-18 21:51 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-18 21:51 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-18 21:51 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-18 21:51 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-18 21:51 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-18 21:51 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-18 21:50 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-18 21:50 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-18 21:50 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-18 21:50 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-18 21:50 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-18 21:50 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-18 21:50 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-18 21:50 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-18 21:50 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-18 21:50 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-18 21:50 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-18 21:50 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:05 - 2013-05-14 14:07 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:10 - 2012-06-19 16:54 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys 2013-05-06 02:10 - 2012-06-19 13:31 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT 2013-05-06 02:10 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat 2013-05-06 02:10 - 2012-06-08 16:18 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll 2013-05-06 02:10 - 2012-06-06 10:44 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll 2013-05-06 02:10 - 2012-06-01 09:37 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll 2013-05-06 02:10 - 2012-05-31 18:08 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll 2013-05-06 02:10 - 2012-05-17 11:29 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll 2013-05-06 02:10 - 2012-05-10 15:22 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll 2013-05-06 02:10 - 2012-04-10 14:40 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll 2013-05-06 02:10 - 2012-04-03 18:42 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll 2013-05-06 02:10 - 2012-02-21 19:45 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll 2013-05-06 02:10 - 2012-02-17 15:54 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll 2013-05-06 02:10 - 2012-02-14 00:05 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll 2013-05-06 02:10 - 2012-01-30 11:43 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll 2013-05-06 02:10 - 2012-01-23 22:30 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll 2013-05-06 02:10 - 2012-01-10 10:20 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll 2013-05-06 02:10 - 2011-12-20 15:32 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll 2013-05-06 02:10 - 2011-12-20 05:43 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll 2013-05-06 02:10 - 2011-12-18 17:58 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll 2013-05-06 02:10 - 2011-12-13 16:58 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl 2013-05-06 02:10 - 2011-11-22 16:28 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll 2013-05-06 02:10 - 2011-09-02 14:21 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll 2013-05-06 02:10 - 2011-08-23 17:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll 2013-05-06 02:10 - 2011-05-31 09:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll 2013-05-06 02:10 - 2011-03-17 12:17 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll 2013-05-06 02:10 - 2011-03-07 17:11 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll 2013-05-06 02:10 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll 2013-05-06 02:10 - 2010-11-03 18:30 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll 2013-05-06 02:10 - 2010-10-03 13:46 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll 2013-05-06 02:10 - 2010-09-27 09:34 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll 2013-05-06 02:10 - 2010-07-22 16:48 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll 2013-05-06 02:10 - 2009-11-24 09:55 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll 2013-05-06 02:09 - 2012-03-08 11:47 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll 2013-05-06 02:09 - 2011-05-31 09:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll 2013-05-06 02:08 - 2012-12-26 18:26 - 00805088 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys 2013-05-06 02:08 - 2012-12-26 18:26 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll 2013-05-06 02:05 - 2013-01-29 05:35 - 00194488 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys 2013-05-06 02:05 - 2013-01-29 05:35 - 00031672 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:53 - 2013-05-02 15:54 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-01 23:31 - 2013-05-02 21:57 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-28 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 14:17 - 2013-05-01 14:18 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV ==================== One Month Modified Files and Folders ======= 2013-05-29 02:17 - 2013-05-29 02:17 - 01915774 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe 2013-05-29 01:55 - 2012-11-10 13:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-28 22:52 - 2013-05-01 22:52 - 00000392 ____A C:\Windows\Tasks\SLOW-PCfighter64-Friedrich-Notification.job 2013-05-28 22:33 - 2013-05-28 22:33 - 02347384 ____A (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_enu.exe 2013-05-28 22:30 - 2013-05-28 14:52 - 00000000 ____D C:\Users\Friedrich\Downloads\Trojaner Board 2013-05-28 22:28 - 2013-05-28 22:28 - 00002590 ____A C:\Users\Friedrich\Desktop\JRT.txt 2013-05-28 22:25 - 2013-05-28 22:25 - 00000000 ____D C:\Windows\ERUNT 2013-05-28 22:22 - 2013-05-28 22:22 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Friedrich\Downloads\JRT.exe 2013-05-28 22:22 - 2013-05-28 22:22 - 00000000 ____D C:\JRT 2013-05-28 22:13 - 2012-09-08 01:35 - 01961848 ____A C:\Windows\WindowsUpdate.log 2013-05-28 19:37 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-28 19:37 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-28 19:32 - 2009-07-14 04:34 - 00000466 ____A C:\Windows\win.ini 2013-05-28 19:29 - 2013-05-27 17:51 - 00000616 ____A C:\Windows\setupact.log 2013-05-28 19:29 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-28 19:28 - 2013-05-28 19:28 - 00000000 ____D C:\ProgramData\Preventon 2013-05-28 19:27 - 2013-05-28 19:25 - 00012637 ____A C:\AdwCleaner[S1].txt 2013-05-28 19:22 - 2013-05-28 19:21 - 00632031 ____A C:\Users\Friedrich\Downloads\adwcleaner.exe 2013-05-28 19:21 - 2011-03-28 20:10 - 00654594 ____A C:\Windows\System32\perfh007.dat 2013-05-28 19:21 - 2011-03-28 20:10 - 00130208 ____A C:\Windows\System32\perfc007.dat 2013-05-28 19:21 - 2009-07-14 07:13 - 01500254 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-28 19:18 - 2011-09-21 17:16 - 00000000 ____D C:\users\Friedrich 2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\jmdp 2013-05-28 19:17 - 2013-05-28 19:17 - 00000000 ____D C:\Windows\SysWOW64\ARFC 2013-05-28 19:17 - 2012-11-19 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-28 14:29 - 2011-09-23 12:48 - 00000000 ___RD C:\Users\Friedrich\Eigene Texte 2013-05-28 14:13 - 2013-05-28 14:13 - 00000356 ____A C:\Windows\PFRO.log 2013-05-28 14:12 - 2013-05-27 20:05 - 00000000 ____D C:\FRST 2013-05-27 20:07 - 2013-05-27 20:06 - 00019134 ____A C:\Users\Friedrich\Documents\Addition.txt 2013-05-27 20:03 - 2013-05-27 20:03 - 01915616 ____A (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe 2013-05-27 17:50 - 2013-05-27 17:50 - 00410824 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 17:08 - 2013-05-27 17:08 - 00109120 ____A C:\Users\Friedrich\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 17:08 - 2012-11-07 19:26 - 00002113 ____A C:\Windows\epplauncher.mif 2013-05-27 17:07 - 2013-05-27 17:07 - 00000000 ____D C:\Windows\Temp249118D2-EA98-01BC-5DED-54F8AAE73DCF-Signatures 2013-05-27 16:06 - 2011-10-21 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-27 16:04 - 2013-05-24 20:24 - 00000000 ____D C:\Windows\TempDA294B54-90F4-DBDA-E468-6B138DD8D7A6-Signatures 2013-05-27 16:04 - 2012-11-19 19:44 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Mozilla 2013-05-27 16:04 - 2011-11-10 00:53 - 00000000 ____D C:\ProgramData\clp 2013-05-27 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-05-25 02:33 - 2011-10-12 19:27 - 00000000 ____D C:\Users\Friedrich\AppData\Local\CrashDumps 2013-05-24 19:55 - 2013-05-24 19:55 - 00000000 ____D C:\Windows\Temp7EBDBC94-E9AC-C197-19D9-C5F4D2574315-Signatures 2013-05-22 19:52 - 2012-10-15 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-22 16:40 - 2011-09-25 11:23 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Thunderbird 2013-05-22 16:40 - 2011-09-25 11:21 - 00002099 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2013-05-22 16:40 - 2011-09-25 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-05-22 16:38 - 2013-05-22 16:37 - 19677152 ____A (Mozilla) C:\Users\Friedrich\Downloads\Thunderbird_Setup_17.0.6.exe 2013-05-19 18:22 - 2012-11-06 23:43 - 00000078 ____A C:\Users\Friedrich\AppData\Roaming\mbam.context.scan 2013-05-19 16:24 - 2013-05-19 16:24 - 00000000 ____D C:\Windows\TempF45BB662-C4CC-0626-1144-8A26E2AB3719-Signatures 2013-05-18 22:07 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-05-18 21:58 - 2011-09-21 18:29 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-18 21:53 - 2013-05-18 21:53 - 00000000 ____D C:\Windows\Temp154576B1-829B-4C02-75E9-E473E7645806-Signatures 2013-05-16 14:32 - 2013-05-28 19:17 - 01277744 ____A C:\Windows\System32\dmwu.exe 2013-05-16 14:31 - 2013-05-28 19:17 - 00035328 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll 2013-05-16 14:02 - 2011-02-19 23:51 - 00608080 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll 2013-05-16 14:02 - 2011-02-19 01:52 - 00829264 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll 2013-05-15 14:55 - 2012-05-08 10:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 14:55 - 2011-09-28 19:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-14 18:48 - 2013-05-14 18:48 - 00000000 ____D C:\Windows\TempD4431C01-97E5-0993-763E-64CBE77FC181-Signatures 2013-05-14 14:07 - 2013-05-14 14:05 - 00000000 ____D C:\Users\Friedrich\CT 2013-05-10 19:14 - 2013-05-10 19:14 - 00000000 ____D C:\Windows\Temp74E1B6FB-072C-7531-0CD9-27780464EBF6-Signatures 2013-05-10 02:33 - 2011-09-25 16:00 - 00000000 ____D C:\Users\Friedrich\.gimp-2.6 2013-05-10 02:29 - 2012-06-18 22:32 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\gtk-2.0 2013-05-10 02:28 - 2013-05-10 02:28 - 00000037 ____A C:\Users\Friedrich\.gtk-bookmarks 2013-05-10 02:22 - 2011-09-25 14:54 - 00000000 ____D C:\Users\Friedrich\AppData\Roaming\PhotoScape 2013-05-07 16:09 - 2013-05-07 16:09 - 00000000 ____D C:\Windows\TempD36FD95A-20F7-DF91-C8D0-7E14904625F4-Signatures 2013-05-06 20:19 - 2013-05-06 20:19 - 00000000 ____D C:\Windows\TempBCC69D3A-2B4D-AA15-DE67-23731A485793-Signatures 2013-05-06 02:12 - 2011-04-07 13:59 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-05-06 02:11 - 2011-10-12 18:52 - 00000000 ____D C:\Program Files\DIFX 2013-05-05 01:00 - 2013-05-05 01:00 - 00000000 ____A C:\Windows\setuperr.log 2013-05-05 00:42 - 2013-05-05 00:42 - 00290816 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2013-05-05 00:42 - 2013-05-05 00:42 - 00074752 ____A (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2013-05-05 00:41 - 2013-05-05 00:41 - 00000315 ____A C:\Windows\ST6UNST.000 2013-05-02 23:51 - 2011-10-03 12:08 - 00000000 ____D C:\Program Files\Google 2013-05-02 23:51 - 2011-09-25 14:54 - 00000000 ____D C:\Program Files (x86)\Google 2013-05-02 23:27 - 2011-09-27 15:12 - 00002318 ____A C:\Users\Friedrich\Desktop\Internet Explorer.lnk 2013-05-02 22:56 - 2013-05-02 22:56 - 00000000 ____D C:\Windows\Temp834438DD-DD8A-86AE-A13B-18F47FD436F8-Signatures 2013-05-02 22:55 - 2011-10-03 12:07 - 00000000 ____D C:\Users\Friedrich\AppData\Local\Google 2013-05-02 22:47 - 2013-05-02 22:47 - 00000000 ____D C:\Windows\Temp84C3D619-0598-7764-FD96-DFC565DC8FD6-Signatures 2013-05-02 21:57 - 2013-05-01 23:31 - 00000583 ____A C:\Windows\System32\MyDefrag.debuglog 2013-05-02 21:49 - 2012-11-07 19:12 - 00000000 ____D C:\Users\Friedrich\Documents\avira_registry_70012cleaner_de 2013-05-02 21:49 - 2011-09-23 12:46 - 00000000 ____D C:\OfficeUpdate11 2013-05-02 21:49 - 2010-09-02 10:58 - 00000000 ___HD C:\OEM 2013-05-02 21:49 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-05-02 21:48 - 2013-03-20 15:29 - 00000000 ____D C:\MFT 186073 2013-05-02 21:48 - 2011-04-07 14:02 - 00000000 ____D C:\ProgramData\NVIDIA 2013-05-02 17:29 - 2012-04-23 14:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-05-02 16:09 - 2013-05-02 16:09 - 00000000 ___AD C:\Program Files (x86)\FromDocToPDF_65EI 2013-05-02 15:54 - 2013-05-02 15:53 - 00000000 ____D C:\ProgramData\BSD 2013-05-02 15:53 - 2013-05-02 15:53 - 00002145 ____A C:\Users\Public\Desktop\DRIVERfighter.lnk 2013-05-01 23:30 - 2013-05-01 23:30 - 00002013 ____A C:\Users\Public\Desktop\FULL-DISKfighter.lnk 2013-05-01 23:30 - 2011-11-10 00:52 - 00000000 ____D C:\ProgramData\Common Toolkit Suite 2013-05-01 23:12 - 2013-05-01 23:12 - 00000206 ____A C:\Users\Friedrich\Documents\cc_20130501_231214.reg 2013-05-01 22:52 - 2013-05-01 22:52 - 00002057 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk 2013-05-01 22:51 - 2013-05-01 22:51 - 00000000 ____D C:\Program Files\Fighters 2013-05-01 20:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-05-01 14:18 - 2013-05-01 14:17 - 00000000 ____D C:\Windows\Temp55F0949B-8A90-1527-5654-B1366872E9CB-Signatures 2013-05-01 13:10 - 2013-05-01 13:10 - 00000000 ____D C:\Windows\TempFB35FD7F-1ED1-8A86-7D89-C36D3F2738BB-Signatures 2013-04-30 01:57 - 2013-04-30 01:57 - 00000000 ___HD C:\Windows\AxInstSV 2013-04-29 21:10 - 2013-04-27 14:19 - 00000000 ____D C:\Windows\Temp22A20089-2110-14E1-9571-C221261B9BC4-Signatures ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-04-16 17:47 ==================== End Of Log ============================ Ich sage erstmal Danke! Und versuche mal, ob jetzt 'alles' wieder normal läuft! Vielen, vielen Dank! Ansonsten melde ich mich noch mal! Herzliche Grüße Bluebird |
|
29.05.2013, 04:28
| #12 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Sieht gut aus, teste das System mal Downloade Dir bitte  SecurityCheck und:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.05.2013, 14:45
| #13 |
| | Habe ich Viren oder Trojaner auf meinem PC? Hallo! Ergebnis: Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) Java(TM) 6 Update 29 Java(TM) 6 Update 31 Java version out of Date! Adobe Flash Player 11.7.700.202 Adobe Reader XI Mozilla Firefox (20.0.1) Mozilla Thunderbird (17.0.6) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Ich hab da doch noch eine Frage: Wie kann es sein, dass der Computer es nicht zulässt, dass ich Avira Antivir update, denn jedes Mal sagt er mir, dass der Zugriff wegen einer 'Gruppenrichtlinie' nicht erlaubt ist und mir die notwendigen Administratorrechte fehlen! Das selbe bei Malware bytes Antimalwar! Ich habe von beiden Programmen kein Symbol mehr auf dem Desktop und in der Softwareliste der gespeicherten Programme auf dem Computer stehen die beiden auch nicht, so dass ich sie dort löschen könnte...?! Manuell lässt der Computer auch kein Löschen der gefundenen Avira-Dateien zu! Danke und Grüße Bluebird |
|
29.05.2013, 14:48
| #14 |
| /// the machine /// TB-Ausbilder | Habe ich Viren oder Trojaner auf meinem PC? Deinstallier mal bitte alles von Java und installier die aktuelle Version. Downloade dir bitte Farbar's Service Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.05.2013, 15:15
| #15 |
| | Habe ich Viren oder Trojaner auf meinem PC? Es erscheint folgende Meldung, beim Versuch eine Deinstallation vorzunehmen: "Die Funktion, die Sie verwenden möchten, befindet sich auf einer Netzressource, die nicht zur Verfügung steht." Klicken Sie auf "OK", um den Vorgang zu wiederholen. Oder geben Sie in das untenstehende Feld den Pfad zu einem anderen Ordner ein, der das Installationspaket "jre 1.6.0_31-c-l.msi" enthält. Bei erneutem OK ernscheint: Der Pfad "C.\Users\Friedrich\AppData\LocalLow\Sun\Java\jre 1.6.0_31\jre1.6.0_31-c-l.msi" wurde nicht gefunden. Stellen Sie sicher, dass Sie Zugriff auf diesen Ordner haben und wiederholen Sie den Vorgang. Oder suchen Sie das Installationpaket "jre1.6.0_31-c-l-.msi" in einem Ordner, von dem aus Sie das Produkt "Java(TM) 6 Update 31" installieren können. Abschließend erscheint dann noch ein kleines Fenster: "Die Installationsquelle für dieses Produkt steht nicht zur Verfügung. Stellen Sie sicher, dass die Quelle existiert und dass Sie darauf zugriefen können." Microsoft Security Essentials meldet zwischenzeitlich mehrfach: "Erkannte Bedrohungen werden bereinigt, keine Aktionen erforderlich." Was ist da los bzw. was muss oder kann ich jetzt machen? Danke! Grüße Bluebird |
|
| Themen zu Habe ich Viren oder Trojaner auf meinem PC? |
| antivir, aufrufen, ausführung, avira, diverse, doppel, download, einfachklick, fenster, frage, gruppe, gruppenrichtlinie, kleine, kleines, liste, malwarebytes antimalware, maus, mausklick, meldung, nicht mehr, nicht möglich, probleme, programme, rechner, richtlinie, stelle, trojaner, unterschiedlich, verschiedene, viren, windows-update, übrig, zusammen |
Linear-Darstellung
