|
Plagegeister aller Art und deren Bekämpfung: Bundespolizei und seine folgen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.01.2014, 21:01 | #1 |
| Bundespolizei und seine folgen? Hi, ich "hatte" den BKA Virus und nichts ging mehr. habe den Rechner dann gefixt gebracht das er wieder wenigstens normal startet. dachte mir dann komm schei.. drauf hast nicht viel drauf formatierst um sicher zu gehen das nichts mehr da ist. habe dann "nur" versehen drüberinstaliert und nicht komplett formatiert wie ich jetzt erst bemerke. habe Windows.old komplett gelöscht per "unlocker" weil Windows mich nicht jeden Ordner löschen lassen wollte. Jetzt habe mich mir nochmal FRST geloadedt und geschaut ob ich noch was finde. ich finde nichts, aber bin auch nicht der überpro. Wäre nett wenn jemand nochmal drüber schauen könnte ob wirklich nichts mehr drauf ist. Merke eigentlich auch keine Probleme AUSSER das mein Rechner nach seinem Systemstart erst ma ne weile brauch bis er Einsatzfähig ist was aber mmn an Avast! liegt, weil sobald das An ist geht's der Rest ratzfatz vielen dank im voraus FRST Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014 Ran by Dennis at 2014-01-21 20:50:11 Running from C:\Users\Dennis\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated) Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software) Bonjour (Version: 3.0.0.10 - Apple Inc.) CCleaner (Version: 4.09 - Piriform) CDBurnerXP (x32 Version: 4.5.2.4478 - CDBurnerXP) D-Link DWA-125 (x32 Version: - D-Link) ElsterFormular (x32 Version: 15.0.20140114 - Landesfinanzdirektion Thüringen) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden iTunes (Version: 11.1.3.8 - Apple Inc.) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation) OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation) Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group) SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC) StarCraft II (x32 Version: - Blizzard Entertainment) Steam (x32 Version: - Valve Corporation) Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= 02-01-2014 20:32:56 Windows Update 02-01-2014 22:34:58 Windows Update 04-01-2014 22:47:36 WOT für Internet Explorer wird installiert 04-01-2014 22:51:52 WOT für Internet Explorer wird entfernt 07-01-2014 11:33:55 Windows Update 10-01-2014 14:43:44 Windows Update 14-01-2014 11:43:02 Windows Update 15-01-2014 11:55:50 Revo Uninstaller's restore point - ElsterFormular 15-01-2014 12:01:35 Windows Update 21-01-2014 19:17:54 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0ED9DF18-52B4-4EB0-89D3-30B2E555EAC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7525EC69-779A-4FF8-A116-0FCAEF8C478E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {D653E5EA-F181-4C71-9B8D-F5DAB44C865A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-20] (AVAST Software) Task: {DBEE1A46-40F1-48DD-81B7-D7BFD4229F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17] (Adobe Systems Incorporated) Task: {DC13D025-582F-4D22-AA2D-278FC611BB0D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2014-01-20 12:24 - 2014-01-20 09:05 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012000\algo.dll 2014-01-21 20:13 - 2014-01-21 10:27 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012100\algo.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-20 03:20 - 2013-12-20 03:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-20 03:28 - 2013-12-20 03:28 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll 2013-12-20 03:27 - 2010-05-13 10:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2014 08:14:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 05:07:04 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 00:25:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2014 07:34:54 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2014 05:18:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 08:07:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618 Ausnahmecode: 0xc0000005 Fehleroffset: 0x100077e2 ID des fehlerhaften Prozesses: 0x860 Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0 Pfad der fehlerhaften Anwendung: NvBackend.exe1 Pfad des fehlerhaften Moduls: NvBackend.exe2 Berichtskennung: NvBackend.exe3 Error: (01/18/2014 08:07:26 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618 Ausnahmecode: 0xc0000005 Fehleroffset: 0x100be510 ID des fehlerhaften Prozesses: 0x860 Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0 Pfad der fehlerhaften Anwendung: NvBackend.exe1 Pfad des fehlerhaften Moduls: NvBackend.exe2 Berichtskennung: NvBackend.exe3 Error: (01/18/2014 08:06:18 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 05:59:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 00:42:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/18/2014 02:49:09 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:47:45 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:47:45 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:42:28 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:42:02 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:37:36 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:37:36 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:36:03 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 02:36:03 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/18/2014 00:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= Error: (01/21/2014 08:14:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 05:07:04 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/20/2014 00:25:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2014 07:34:54 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/19/2014 05:18:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 08:07:32 PM) (Source: Application Error)(User: ) Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e286001cf14802c32e732C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllc7b68f24-8073-11e3-ab6a-002354bbd23b Error: (01/18/2014 08:07:26 PM) (Source: Application Error)(User: ) Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be51086001cf14802c32e732C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllc41d2e46-8073-11e3-ab6a-002354bbd23b Error: (01/18/2014 08:06:18 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 05:59:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/18/2014 00:42:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 4095.12 MB Available physical RAM: 2088.45 MB Total Pagefile: 8188.41 MB Available Pagefile: 5750.95 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:399.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 677819A3) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.21.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Dennis :: DENNIS-PC [Administrator] Schutz: Aktiviert 21.01.2014 20:57:37 mbam-log-2014-01-21 (20-57-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200988 Laufzeit: 2 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
21.01.2014, 22:57 | #2 |
/// the machine /// TB-Ausbilder | Bundespolizei und seine folgen? Hi,
__________________FRST.txt fehlt noch
__________________ |
21.01.2014, 23:16 | #3 |
| Bundespolizei und seine folgen? ups
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014 Ran by Dennis (administrator) on DENNIS-PC on 21-01-2014 23:17:06 Running from C:\Users\Dennis\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-20] (AVAST Software) HKLM-x32\...\Run: [D-Link D-Link DWA-125] - C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1078592 2011-09-08] (D-Link Corp.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE465BF6F2CFDCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-20] (AVAST Software) R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-20] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-20] () R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athrx.sys [x] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 23:14 - 2014-01-21 23:17 - 00007602 _____ C:\Users\Dennis\Desktop\FRST.txt 2014-01-21 23:14 - 2014-01-21 23:14 - 02077184 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe 2014-01-21 20:49 - 2014-01-21 20:49 - 00000000 ____D C:\FRST 2014-01-17 14:21 - 2014-01-20 14:38 - 00020327 _____ C:\Users\Dennis\Desktop\ESt2013_Armbruster_Dennis_und_Armbruster_geb.Beck_Yvonne.elfo 2014-01-17 12:41 - 2014-01-17 12:41 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2014-01-15 13:05 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys 2014-01-15 13:05 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-01-15 13:05 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2014-01-15 13:05 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-01-15 13:05 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-01-15 13:05 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-01-15 13:05 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-01-15 13:04 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-01-15 13:04 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-01-15 13:04 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-01-15 13:04 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-01-15 13:04 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-01-15 13:04 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-01-15 13:04 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-01-15 13:04 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-01-15 13:04 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-01-15 13:04 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-01-15 13:04 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-01-15 13:04 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-01-15 13:04 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-01-15 13:04 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-01-15 13:04 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-01-15 13:04 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-01-15 13:04 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-01-15 13:04 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-01-15 13:04 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-01-15 12:42 - 2014-01-15 12:42 - 00000000 ____D C:\Users\Dennis\Steuer 2014-01-15 12:00 - 2014-01-17 12:42 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\elsterformular 2014-01-15 11:52 - 2014-01-17 12:42 - 00000000 ____D C:\ProgramData\elsterformular 2014-01-15 10:53 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 10:53 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 10:53 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 10:53 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 12:35 - 2014-01-14 12:35 - 00007608 _____ C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg 2014-01-13 11:22 - 2014-01-21 23:07 - 00004536 _____ C:\Windows\setupact.log 2014-01-13 11:22 - 2014-01-13 11:22 - 00000000 _____ C:\Windows\setuperr.log 2014-01-09 12:58 - 2014-01-09 12:58 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\WinRAR 2014-01-08 14:15 - 2014-01-08 15:59 - 00000000 ____D C:\ProgramData\Adobe 2014-01-08 14:15 - 2014-01-08 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-08 12:47 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-01-08 12:47 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-08 12:47 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-04 23:57 - 2014-01-04 23:57 - 00000000 ____D C:\Windows\system32\appmgmt 2014-01-04 23:54 - 2014-01-04 23:54 - 00000000 ____D C:\ProgramData\Licenses 2014-01-04 23:53 - 2014-01-20 17:18 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2014-01-04 23:53 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX 2014-01-04 23:53 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2014-01-02 23:35 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-02 23:35 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-02 23:35 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-02 23:35 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-02 23:35 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-02 23:35 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-02 23:35 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-02 23:35 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-02 23:35 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-02 23:35 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-02 23:35 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-02 23:35 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-02 23:35 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-02 23:35 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-02 23:35 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-02 23:35 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-02 23:35 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-02 23:35 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-02 23:35 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-02 23:35 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-02 23:35 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-02 23:35 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-02 23:35 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-02 23:35 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-02 23:35 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-02 23:35 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-02 23:35 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-02 23:35 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-02 23:35 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-02 23:35 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-02 23:35 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-02 22:04 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-02 22:04 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-02 22:03 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-02 22:03 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-02 21:28 - 2014-01-02 21:28 - 00000000 ___HD C:\ProgramData\CanonBJ 2014-01-02 21:27 - 2006-09-12 20:00 - 00234496 _____ (CANON INC.) C:\Windows\system32\CNMLM86.DLL 2014-01-02 21:21 - 2014-01-02 21:21 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\OpenOffice ==================== One Month Modified Files and Folders ======= 2014-01-21 23:17 - 2014-01-21 23:14 - 00007602 _____ C:\Users\Dennis\Desktop\FRST.txt 2014-01-21 23:15 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-21 23:15 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-21 23:14 - 2014-01-21 23:14 - 02077184 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe 2014-01-21 23:11 - 2013-12-20 03:02 - 02023149 _____ C:\Windows\WindowsUpdate.log 2014-01-21 23:07 - 2014-01-13 11:22 - 00004536 _____ C:\Windows\setupact.log 2014-01-21 23:07 - 2013-12-20 05:02 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-21 23:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-21 21:40 - 2013-12-20 04:07 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype 2014-01-21 21:29 - 2013-12-20 03:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-21 20:49 - 2014-01-21 20:49 - 00000000 ____D C:\FRST 2014-01-21 20:13 - 2013-12-20 03:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-20 17:18 - 2014-01-04 23:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2014-01-20 14:38 - 2014-01-17 14:21 - 00020327 _____ C:\Users\Dennis\Desktop\ESt2013_Armbruster_Dennis_und_Armbruster_geb.Beck_Yvonne.elfo 2014-01-17 18:52 - 2013-12-20 03:15 - 00000000 ____D C:\Users\Dennis 2014-01-17 18:38 - 2013-12-20 03:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-17 18:38 - 2013-12-20 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-17 18:38 - 2013-12-20 03:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-17 18:37 - 2013-12-20 03:48 - 00000000 ____D C:\Users\Dennis\AppData\Local\Adobe 2014-01-17 12:42 - 2014-01-15 12:00 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\elsterformular 2014-01-17 12:42 - 2014-01-15 11:52 - 00000000 ____D C:\ProgramData\elsterformular 2014-01-17 12:41 - 2014-01-17 12:41 - 00001233 _____ C:\Users\Public\Desktop\ElsterFormular.lnk 2014-01-17 12:41 - 2014-01-17 12:41 - 00000000 ____D C:\Program Files (x86)\ElsterFormular 2014-01-15 13:41 - 2009-07-14 05:45 - 00294752 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 13:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-15 13:04 - 2013-12-20 04:36 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 13:02 - 2012-10-11 00:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 12:42 - 2014-01-15 12:42 - 00000000 ____D C:\Users\Dennis\Steuer 2014-01-15 10:54 - 2013-12-20 04:26 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Apple Computer 2014-01-14 12:35 - 2014-01-14 12:35 - 00007608 _____ C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg 2014-01-13 11:22 - 2014-01-13 11:22 - 00000000 _____ C:\Windows\setuperr.log 2014-01-12 22:42 - 2013-12-20 11:30 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-12 22:38 - 2012-10-10 23:51 - 00000000 ____D C:\Windows\Panther 2014-01-12 19:05 - 2013-12-20 04:27 - 00000000 ____D C:\Program Files\CCleaner 2014-01-12 19:05 - 2013-12-20 03:23 - 00000000 ___RD C:\Users\Dennis\Desktop\System 2014-01-10 18:24 - 2013-12-20 03:27 - 00000000 ___RD C:\Users\Dennis\Desktop\neX 2014-01-09 12:58 - 2014-01-09 12:58 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\WinRAR 2014-01-08 15:59 - 2014-01-08 14:15 - 00000000 ____D C:\ProgramData\Adobe 2014-01-08 14:24 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\system32\perfh007.dat 2014-01-08 14:24 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\system32\perfc007.dat 2014-01-08 14:24 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 14:17 - 2013-12-20 03:50 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Adobe 2014-01-08 14:15 - 2014-01-08 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-08 12:50 - 2013-12-20 05:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-04 23:57 - 2014-01-04 23:57 - 00000000 ____D C:\Windows\system32\appmgmt 2014-01-04 23:54 - 2014-01-04 23:54 - 00000000 ____D C:\ProgramData\Licenses 2014-01-03 12:49 - 2013-12-20 13:05 - 00000000 ____D C:\Users\Dennis\Documents\StarCraft II 2014-01-02 22:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-02 21:28 - 2014-01-02 21:28 - 00000000 ___HD C:\ProgramData\CanonBJ 2014-01-02 21:21 - 2014-01-02 21:21 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\OpenOffice Some content of TEMP: ==================== C:\Users\Dennis\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-20 13:30 ==================== End Of Log ============================ --- --- --- |
22.01.2014, 15:32 | #4 |
/// the machine /// TB-Ausbilder | Bundespolizei und seine folgen? sieht gut aus
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.01.2014, 16:34 | #5 |
| Bundespolizei und seine folgen? ok, dank dir |
23.01.2014, 10:43 | #6 |
/// the machine /// TB-Ausbilder | Bundespolizei und seine folgen? Gern Geschehen
__________________ --> Bundespolizei und seine folgen? |
Themen zu Bundespolizei und seine folgen? |
.dll, administrator, antivirus, autostart, avast, dateien, defender, dll, explorer, flash player, gelöscht, internet, internet explorer, löschen, nvidia, ordner, rundll, scan, security, software, system32, temp, update, virus, warnung, windows.old |