Log analysis and evaluation: Windows 7 - Home 64bit - Computer totally infested

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7 - Home 64bit - Computer totally infested

Hello, an acquaintance said that his graphics card was broken and asked whether I could take a look at it. On first inspection I noticed about 20 toolbars and unidentifiable programs. Maybe you could take a look at the frst64.exe results.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by SYSTEM on MININT-076TOT2 on 23-07-2014 16:41:58
Running from J:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [NSLauncher] => C:\Program Files (x86)\Nokia\Nokia Software Launcher\NSLauncher.exe [3096576 2007-11-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Spyware Terminator <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Spyware Terminator <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\Default\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) HKU\Default User\...\RunOnce: 
[HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] () HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\Reinhard\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-22] (TomTom) HKU\Reinhard\...\Run: [PcSync] => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.) HKU\Reinhard\...\Run: [Beamrise] => C:\Users\Reinhard\AppData\Local\Beamrise\Application\beamrise.exe [1526080 2013-12-03] (The Beamrise Authors) HKU\Reinhard\...\Run: [] => [X] HKU\Reinhard\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\Reinhard\...\Run: [AbvaSquz] => regsvr32.exe "C:\ProgramData\AbvaSquz.dat" HKU\Reinhard\...\Run: [UmahMiri] => regsvr32.exe "C:\ProgramData\UmahMiri.dat" HKU\Reinhard\...\Run: [OrexFuyu] => regsvr32.exe "C:\ProgramData\OrexFuyu.dat" HKU\Reinhard\...\Run: [AbziRequ] => regsvr32.exe "C:\ProgramData\AbziRequ\AbziRequ.dat" HKU\Reinhard\...\Run: [OjimIxos] => regsvr32.exe "C:\ProgramData\OjimIxos\OjimIxos.dat" HKU\Reinhard\...\Run: [UcipCojy] => regsvr32.exe "C:\ProgramData\UcipCojy\UcipCojy.dat" HKU\Reinhard\...\Run: [EtfaqDexle] => regsvr32.exe "C:\ProgramData\EtfaqDexle\EtfaqDexle.dat" HKU\Reinhard\...\Run: [UjzirAhobf] => regsvr32.exe "C:\ProgramData\UjzirAhobf\UjzirAhobf.dat" HKU\Reinhard\...\Run: [AxugAyaff] => regsvr32.exe "C:\ProgramData\AxugAyaff\AxugAyaff.dat" HKU\Reinhard\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\Reinhard\...\Policies\Explorer: [HideSCAHealth] 1 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aranna.exe () Startup: C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk ShortcutTarget: explorer.lnk -> 
C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\9fl8eek.cpp () ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-02] (Crawler.com) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software) S2 Winmgmt; C:\ProgramData\08B831C8C5C95390B72EFDBE2D83C48A\kee8lf9.dot [333556 2014-05-24] (Microsoft Corporation) S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-30] (Taiwan Shui Mu Chih Ching Technology Limited.) S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [X] S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X] ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. 
KG) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-07-21] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-07-21] (Malwarebytes Corporation) S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-12-27] (Windows (R) Win 7 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software) S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-23 16:40 - 2014-07-23 16:41 - 00000000 ____D () C:\FRST 2014-07-23 06:31 - 2014-07-23 06:32 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt 2014-07-23 06:31 - 2014-07-23 06:31 - 00000000 ____D () C:\Windows\LastGood 2014-07-23 06:17 - 2014-07-23 06:20 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt 2014-07-22 09:48 - 2014-07-22 10:03 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt 2014-07-22 08:08 - 2014-07-22 08:27 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt 2014-07-22 07:39 - 2014-07-22 07:40 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt 2014-07-22 07:30 - 2014-07-22 07:33 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt 2014-07-22 07:23 - 2010-08-29 22:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-22 07:22 - 2014-07-22 07:33 - 00000000 ____D () C:\AdwCleaner 2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe 2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe 2014-07-22 07:19 - 2014-07-22 07:23 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt 2014-07-22 06:09 - 2014-07-22 07:05 - 00027063 _____ 
() C:\ProgramData\RUNDLL32.EXE-3004-F.txt 2014-07-21 07:57 - 2014-07-21 07:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe 2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-21 07:52 - 2014-07-21 07:52 - 00000000 ____D () C:\ProgramData\PDF Architect 2014-07-21 07:32 - 2014-07-21 07:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-21 07:32 - 2014-07-21 07:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe 2014-07-21 07:32 - 2014-07-21 07:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-07-21 07:32 - 2014-07-21 07:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-07-21 07:32 - 2014-07-21 07:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar 2014-07-21 07:28 - 2014-07-21 07:59 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt 2014-07-21 07:21 - 2014-07-21 07:21 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Reinhard\Downloads\HiJackThis204.exe 2014-07-21 07:17 - 2014-07-21 07:20 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-07-21 07:13 - 2014-07-21 08:05 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt 2014-07-21 06:27 - 2014-07-21 06:51 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt 2014-07-20 09:08 - 2014-07-20 10:12 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt 2014-07-20 08:20 - 2014-07-20 08:20 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe 2014-07-20 08:19 - 2014-07-20 08:19 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\setup.exe 2014-07-20 08:18 - 2014-07-20 08:22 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk 2014-07-20 08:18 - 2014-07-20 08:22 - 00000000 ____D () C:\Program Files (x86)\DriverTuner 2014-07-20 08:13 - 2014-07-20 08:23 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt 2014-07-20 07:09 - 2014-07-20 07:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht 2014-07-20 00:53 - 2014-07-20 00:58 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt 2014-07-19 12:53 - 2013-04-30 20:58 - 06491936 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll 2014-07-19 12:53 - 2013-04-30 20:58 - 03514656 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll 2014-07-19 12:53 - 2013-04-30 20:58 - 02555680 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll 2014-07-19 12:53 - 2013-04-30 20:58 - 00884512 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 2014-07-19 12:53 - 2013-04-30 20:58 - 00237856 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll 2014-07-19 12:53 - 2013-04-30 20:58 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll 2014-07-19 12:53 - 2013-04-30 07:15 - 03165506 _____ () C:\Windows\System32\nvcoproc.bin 
2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-07-19 12:52 - 2013-04-30 21:36 - 00061216 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll 2014-07-19 12:52 - 2013-04-30 21:36 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 21093664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 13394392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 02942240 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00443168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00421152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00370976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00218592 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll 2014-07-19 12:51 - 2013-04-30 21:36 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-07-19 12:50 - 2014-07-21 07:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-19 12:50 - 2013-04-30 21:36 - 27772192 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 25256224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 15900912 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 15140808 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll 2014-07-19 
12:50 - 2013-04-30 21:36 - 12423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 11211552 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys 2014-07-19 12:50 - 2013-04-30 21:36 - 09348000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 07797808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 07641832 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 02934672 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 02754336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 02596832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 02363680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 01832224 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6432011.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432011.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 01059560 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00550176 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00518944 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00431904 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00266960 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00214448 _____ (NVIDIA 
Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-07-19 12:50 - 2013-04-30 21:36 - 00020536 _____ () C:\Windows\System32\nvinfo.pb 2014-07-19 12:38 - 2014-07-19 13:00 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt 2014-07-19 12:23 - 2014-07-19 12:37 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt 2014-07-19 12:17 - 2014-07-19 12:21 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt 2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\UjzirAhobf 2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\EtfaqDexle 2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\AxugAyaff 2014-07-19 10:21 - 2014-07-19 10:24 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt 2014-07-19 09:54 - 2014-07-19 09:54 - 00000000 ____D () C:\NVIDIA 2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\UcipCojy 2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\OjimIxos 2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\AbziRequ 2014-07-19 09:35 - 2014-07-19 10:05 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt 2014-07-16 08:52 - 2014-07-16 08:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp 2014-07-16 08:51 - 2014-07-16 08:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp 2014-07-16 08:50 - 2014-07-16 08:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp 2014-07-15 06:23 - 2014-07-15 06:33 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt 2014-07-14 09:29 - 2014-07-14 09:49 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt 2014-07-14 08:24 - 2014-07-14 08:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp 2014-07-14 08:22 - 2014-07-14 08:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp 2014-07-14 06:41 - 2014-07-14 06:42 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp 2014-07-13 10:06 - 2014-07-13 10:06 - 00262144 ____H () 
C:\Windows\DUMPa1a5.DMP 2014-07-13 10:00 - 2014-07-13 10:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP 2014-07-13 07:43 - 2014-07-21 07:54 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing 2014-07-13 06:14 - 2014-07-13 06:41 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt 2014-07-12 23:27 - 2014-07-12 23:50 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt 2014-07-12 22:33 - 2014-07-12 22:41 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt 2014-07-12 06:39 - 2014-07-12 06:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps 2014-07-12 06:07 - 2014-07-12 12:12 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt 2014-07-11 21:19 - 2014-07-12 02:49 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt 2014-07-11 12:00 - 2014-07-11 12:06 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt 2014-07-11 09:13 - 2014-07-19 11:44 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt 2014-07-11 06:20 - 2014-07-11 06:31 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt 2014-07-10 09:14 - 2014-07-10 09:44 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt 2014-07-10 06:41 - 2014-07-10 06:53 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt 2014-07-09 06:26 - 2014-07-09 06:33 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt 2014-07-08 09:21 - 2014-07-08 09:44 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt 2014-07-08 06:27 - 2014-07-08 06:48 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt 2014-07-07 09:40 - 2014-07-07 09:44 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt 2014-07-07 06:34 - 2014-07-07 06:49 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt 2014-07-06 05:53 - 2014-07-06 08:08 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt 2014-07-06 00:04 - 2014-07-06 02:57 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt 2014-07-05 12:48 - 2014-07-05 12:55 - 00004044 _____ () 
C:\ProgramData\RUNDLL32.EXE-3012-F.txt 2014-07-05 09:41 - 2014-07-05 10:05 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt 2014-07-04 06:25 - 2014-07-04 06:36 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt 2014-07-03 08:59 - 2014-07-03 09:35 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt 2014-07-03 06:48 - 2014-07-03 07:02 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt 2014-07-02 09:19 - 2014-07-02 12:31 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt 2014-07-02 06:23 - 2014-07-13 09:59 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt 2014-07-01 12:19 - 2014-07-01 12:31 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt 2014-06-30 12:51 - 2014-06-30 12:57 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt 2014-06-30 08:44 - 2014-06-30 09:36 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt 2014-06-29 10:11 - 2014-06-29 10:20 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt 2014-06-29 02:06 - 2014-06-29 02:16 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt 2014-06-28 23:10 - 2014-06-28 23:59 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt 2014-06-28 06:16 - 2014-06-28 08:03 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt 2014-06-27 23:45 - 2014-06-27 23:45 - 00000000 ____D () C:\ProgramData\69C67EF23B9CD73186992916CB237AD7 2014-06-27 23:26 - 2014-07-15 09:35 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt 2014-06-27 21:01 - 2014-06-27 21:04 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt 2014-06-27 09:36 - 2014-06-27 10:04 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt 2014-06-26 10:22 - 2014-06-26 11:25 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt 2014-06-26 06:24 - 2014-06-26 06:36 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt 2014-06-25 09:54 - 2014-06-25 11:11 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt 2014-06-25 06:25 - 2014-06-25 06:36 - 00005634 
_____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt 2014-06-24 08:51 - 2014-07-20 00:38 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt 2014-06-24 05:23 - 2014-06-24 05:44 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt 2014-06-23 09:43 - 2014-06-23 10:09 - 00013212 _____ () C:\ProgramData\RUNDLL32.EXE-1308-F.txt 2014-06-23 06:57 - 2014-06-23 07:06 - 00004150 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt ==================== One Month Modified Files and Folders ======= 2014-07-23 16:41 - 2014-07-23 16:40 - 00000000 ____D () C:\FRST 2014-07-23 06:32 - 2014-07-23 06:31 - 00000822 _____ () C:\ProgramData\RUNDLL32.EXE-2768-F.txt 2014-07-23 06:32 - 2013-12-17 07:34 - 00043198 _____ () C:\Windows\setupact.log 2014-07-23 06:31 - 2014-07-23 06:31 - 00000000 ____D () C:\Windows\LastGood 2014-07-23 06:30 - 2013-07-30 23:37 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-07-23 06:20 - 2014-07-23 06:17 - 00001081 _____ () C:\ProgramData\RUNDLL32.EXE-2300-F.txt 2014-07-22 10:03 - 2014-07-22 09:48 - 00007167 _____ () C:\ProgramData\RUNDLL32.EXE-3008-F.txt 2014-07-22 09:54 - 2009-07-13 20:45 - 00010096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-22 09:54 - 2009-07-13 20:45 - 00010096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-22 08:27 - 2014-07-22 08:08 - 00009283 _____ () C:\ProgramData\RUNDLL32.EXE-2680-F.txt 2014-07-22 07:40 - 2014-07-22 07:39 - 00000829 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt 2014-07-22 07:33 - 2014-07-22 07:30 - 00001849 _____ () C:\ProgramData\RUNDLL32.EXE-2748-F.txt 2014-07-22 07:33 - 2014-07-22 07:22 - 00000000 ____D () C:\AdwCleaner 2014-07-22 07:30 - 2014-06-02 08:33 - 00000000 ____D () C:\Users\Reinhard\AppData\Local\CrashDumps 2014-07-22 07:23 - 2014-07-22 07:19 - 00001912 _____ () C:\ProgramData\RUNDLL32.EXE-212-F.txt 2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ 
() C:\Users\Reinhard\Downloads\adwcleaner_3.216.exe 2014-07-22 07:22 - 2014-07-22 07:22 - 01354223 _____ () C:\Users\Reinhard\Downloads\adwcleaner_3.216 (1).exe 2014-07-22 07:05 - 2014-07-22 06:09 - 00027063 _____ () C:\ProgramData\RUNDLL32.EXE-3004-F.txt 2014-07-21 10:44 - 2014-06-14 06:43 - 00114586 _____ () C:\ProgramData\RUNDLL32.EXE-2828-F.txt 2014-07-21 09:59 - 2014-06-01 01:59 - 00071259 _____ () C:\ProgramData\RUNDLL32.EXE-2792-F.txt 2014-07-21 08:05 - 2014-07-21 07:13 - 00009735 _____ () C:\ProgramData\RUNDLL32.EXE-2744-F.txt 2014-07-21 08:00 - 2013-12-18 10:22 - 01537946 _____ () C:\Windows\PFRO.log 2014-07-21 07:59 - 2014-07-21 07:28 - 00015076 _____ () C:\ProgramData\RUNDLL32.EXE-3732-F.txt 2014-07-21 07:57 - 2014-07-21 07:57 - 02028976 _____ () C:\Users\Reinhard\Downloads\winrar-x64-510d.exe 2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-21 07:54 - 2014-07-13 07:43 - 00000000 ____D () C:\Users\Reinhard\AppData\Roaming\Nico Mak Computing 2014-07-21 07:52 - 2014-07-21 07:52 - 00000000 ____D () C:\ProgramData\PDF Architect 2014-07-21 07:33 - 2014-07-21 07:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-21 07:32 - 2014-07-21 07:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Reinhard\Downloads\mbar-1.07.0.1012.exe 2014-07-21 07:32 - 2014-07-21 07:32 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-07-21 07:32 - 2014-07-21 07:32 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-07-21 07:32 - 2014-07-21 07:32 - 00000000 ____D () C:\Users\Reinhard\Desktop\mbar 2014-07-21 07:27 - 2014-07-19 12:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-21 07:24 - 2013-12-18 10:26 - 00191039 _____ () C:\Windows\WindowsUpdate.log 2014-07-21 07:21 - 2014-07-21 07:21 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Reinhard\Downloads\HiJackThis204.exe 2014-07-21 07:20 - 2014-07-21 07:17 - 333878864 _____ (NVIDIA Corporation) C:\Users\Reinhard\Downloads\337.88-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-07-21 06:51 - 2014-07-21 06:27 - 00011476 _____ () C:\ProgramData\RUNDLL32.EXE-1184-F.txt 2014-07-20 10:12 - 2014-07-20 09:08 - 00031122 _____ () C:\ProgramData\RUNDLL32.EXE-2720-F.txt 2014-07-20 08:23 - 2014-07-20 08:13 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2228-F.txt 2014-07-20 08:22 - 2014-07-20 08:18 - 00001007 _____ () C:\Users\Public\Desktop\DriverTuner.lnk 2014-07-20 08:22 - 2014-07-20 08:18 - 00000000 ____D () C:\Program Files (x86)\DriverTuner 2014-07-20 08:20 - 2014-07-20 08:20 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\gggggggggggggggggggggggggggggggggggg.exe 2014-07-20 08:19 - 2014-07-20 08:19 - 02938144 _____ (LionSea Software co., ltd ) C:\Users\Reinhard\Downloads\setup.exe 2014-07-20 07:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF 2014-07-20 07:09 - 2014-07-20 07:09 - 00502750 _____ () C:\Users\Reinhard\Downloads\eBay-Kaufabwicklung – Kauf abgeschlossen_dll.mht 2014-07-20 03:08 - 2014-06-17 06:33 - 00070233 _____ () C:\ProgramData\RUNDLL32.EXE-2756-F.txt 2014-07-20 00:58 - 2014-07-20 00:53 - 00002693 _____ () C:\ProgramData\RUNDLL32.EXE-1056-F.txt 2014-07-20 00:38 - 2014-06-24 08:51 - 00008125 _____ () C:\ProgramData\RUNDLL32.EXE-1368-F.txt 2014-07-19 13:00 - 2014-07-19 12:38 - 00010942 _____ () C:\ProgramData\RUNDLL32.EXE-2660-F.txt 2014-07-19 12:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help 2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-19 12:52 - 2014-07-19 12:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-07-19 12:37 - 2014-07-19 12:23 - 00007076 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt 2014-07-19 12:33 - 2010-12-03 10:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 
2014-07-19 12:21 - 2014-07-19 12:17 - 00001839 _____ () C:\ProgramData\RUNDLL32.EXE-2612-F.txt
2014-07-19 12:15 - 2014-06-16 09:39 - 00034806 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-07-19 11:44 - 2014-07-11 09:13 - 00035843 _____ () C:\ProgramData\RUNDLL32.EXE-2532-F.txt
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\UjzirAhobf
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\EtfaqDexle
2014-07-19 11:01 - 2014-07-19 11:01 - 00000000 ____D () C:\ProgramData\AxugAyaff
2014-07-19 10:24 - 2014-07-19 10:21 - 00000778 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt
2014-07-19 10:05 - 2014-07-19 09:35 - 00015164 _____ () C:\ProgramData\RUNDLL32.EXE-2716-F.txt
2014-07-19 09:54 - 2014-07-19 09:54 - 00000000 ____D () C:\NVIDIA
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\UcipCojy
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\OjimIxos
2014-07-19 09:36 - 2014-07-19 09:36 - 00000000 ____D () C:\ProgramData\AbziRequ
2014-07-19 09:34 - 2011-07-20 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 06:58 - 2014-01-02 05:44 - 00262144 ____N () C:\Windows\Minidump\071914-41340-01.dmp
2014-07-19 06:57 - 2014-01-02 05:44 - 00262144 ____N () C:\Windows\Minidump\071914-41511-01.dmp
2014-07-16 08:52 - 2014-07-16 08:52 - 00555672 _____ () C:\Windows\Minidump\071614-29577-01.dmp
2014-07-16 08:51 - 2014-07-16 08:51 - 00555672 _____ () C:\Windows\Minidump\071614-29593-01.dmp
2014-07-16 08:50 - 2014-07-16 08:50 - 00555672 _____ () C:\Windows\Minidump\071614-29094-01.dmp
2014-07-15 12:05 - 2014-05-31 22:25 - 00034660 _____ () C:\ProgramData\RUNDLL32.EXE-2856-F.txt
2014-07-15 09:35 - 2014-06-27 23:26 - 00153001 _____ () C:\ProgramData\RUNDLL32.EXE-3048-F.txt
2014-07-15 06:33 - 2014-07-15 06:23 - 00004971 _____ () C:\ProgramData\RUNDLL32.EXE-816-F.txt
2014-07-14 09:49 - 2014-07-14 09:29 - 00009753 _____ () C:\ProgramData\RUNDLL32.EXE-2824-F.txt
2014-07-14 08:24 - 2014-07-14 08:24 - 00555672 _____ () C:\Windows\Minidump\071414-92945-01.dmp
2014-07-14 08:22 - 2014-07-14 08:22 - 00262144 ____N () C:\Windows\Minidump\071414-28501-01.dmp
2014-07-14 06:47 - 2014-05-30 06:12 - 00055431 _____ () C:\ProgramData\RUNDLL32.EXE-2636-F.txt
2014-07-14 06:42 - 2014-07-14 06:41 - 00555672 _____ () C:\Windows\Minidump\071414-102601-01.dmp
2014-07-13 10:06 - 2014-07-13 10:06 - 00262144 ____H () C:\Windows\DUMPa1a5.DMP
2014-07-13 10:00 - 2014-07-13 10:00 - 00262144 ____H () C:\Windows\DUMPcb0f.DMP
2014-07-13 09:59 - 2014-07-02 06:23 - 00010262 _____ () C:\ProgramData\RUNDLL32.EXE-2836-F.txt
2014-07-13 07:58 - 2014-06-07 21:18 - 00026225 _____ () C:\ProgramData\RUNDLL32.EXE-2924-F.txt
2014-07-13 07:43 - 2014-06-15 09:30 - 00091740 _____ () C:\ProgramData\RUNDLL32.EXE-2884-F.txt
2014-07-13 06:41 - 2014-07-13 06:14 - 00013810 _____ () C:\ProgramData\RUNDLL32.EXE-2232-F.txt
2014-07-13 02:27 - 2014-06-09 06:04 - 00157523 _____ () C:\ProgramData\RUNDLL32.EXE-2876-F.txt
2014-07-12 23:50 - 2014-07-12 23:27 - 00012242 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt
2014-07-12 23:48 - 2011-02-06 02:27 - 00000000 ____D () C:\Users\Reinhard\Döling KG
2014-07-12 22:41 - 2014-07-12 22:33 - 00004435 _____ () C:\ProgramData\RUNDLL32.EXE-2372-F.txt
2014-07-12 12:12 - 2014-07-12 06:07 - 00184467 _____ () C:\ProgramData\RUNDLL32.EXE-2188-F.txt
2014-07-12 06:39 - 2014-07-12 06:39 - 03678208 _____ () C:\Users\Reinhard\Downloads\Heidi (M).pps
2014-07-12 02:49 - 2014-07-11 21:19 - 00168362 _____ () C:\ProgramData\RUNDLL32.EXE-2656-F.txt
2014-07-11 12:06 - 2014-07-11 12:00 - 00003563 _____ () C:\ProgramData\RUNDLL32.EXE-2996-F.txt
2014-07-11 06:31 - 2014-07-11 06:20 - 00005220 _____ () C:\ProgramData\RUNDLL32.EXE-1536-F.txt
2014-07-10 09:44 - 2014-07-10 09:14 - 00011232 _____ () C:\ProgramData\RUNDLL32.EXE-1040-F.txt
2014-07-10 06:53 - 2014-07-10 06:41 - 00006294 _____ () C:\ProgramData\RUNDLL32.EXE-164-F.txt
2014-07-09 09:40 - 2014-06-09 09:39 - 00018854 _____ () C:\ProgramData\RUNDLL32.EXE-2852-F.txt
2014-07-09 06:33 - 2014-07-09 06:26 - 00003239 _____ () C:\ProgramData\RUNDLL32.EXE-2060-F.txt
2014-07-08 09:44 - 2014-07-08 09:21 - 00010995 _____ () C:\ProgramData\RUNDLL32.EXE-364-F.txt
2014-07-08 06:48 - 2014-07-08 06:27 - 00010425 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-07-07 09:44 - 2014-07-07 09:40 - 00001981 _____ () C:\ProgramData\RUNDLL32.EXE-1208-F.txt
2014-07-07 06:49 - 2014-07-07 06:34 - 00007532 _____ () C:\ProgramData\RUNDLL32.EXE-956-F.txt
2014-07-06 11:38 - 2014-06-11 08:35 - 00019891 _____ () C:\ProgramData\RUNDLL32.EXE-2948-F.txt
2014-07-06 08:08 - 2014-07-06 05:53 - 00066839 _____ () C:\ProgramData\RUNDLL32.EXE-2032-F.txt
2014-07-06 06:12 - 2011-02-06 02:56 - 00000000 ____D () C:\Users\Reinhard\Versicherungen
2014-07-06 02:57 - 2014-07-06 00:04 - 00087506 _____ () C:\ProgramData\RUNDLL32.EXE-2340-F.txt
2014-07-05 12:55 - 2014-07-05 12:48 - 00004044 _____ () C:\ProgramData\RUNDLL32.EXE-3012-F.txt
2014-07-05 10:05 - 2014-07-05 09:41 - 00011956 _____ () C:\ProgramData\RUNDLL32.EXE-2120-F.txt
2014-07-05 03:06 - 2014-06-08 12:00 - 00160347 _____ () C:\ProgramData\RUNDLL32.EXE-2144-F.txt
2014-07-04 14:31 - 2014-06-01 10:28 - 00038050 _____ () C:\ProgramData\RUNDLL32.EXE-2912-F.txt
2014-07-04 06:36 - 2014-07-04 06:25 - 00005916 _____ () C:\ProgramData\RUNDLL32.EXE-2220-F.txt
2014-07-03 12:08 - 2014-05-27 08:54 - 00086258 _____ () C:\ProgramData\RUNDLL32.EXE-2908-F.txt
2014-07-03 09:35 - 2014-07-03 08:59 - 00017715 _____ () C:\ProgramData\RUNDLL32.EXE-2452-F.txt
2014-07-03 09:28 - 2011-11-06 01:59 - 00022016 _____ () C:\Users\Reinhard\Kinderzahlungen.xls
2014-07-03 09:28 - 2011-02-04 07:14 - 00000000 ____D () C:\users\Reinhard
2014-07-03 07:02 - 2014-07-03 06:48 - 00006860 _____ () C:\ProgramData\RUNDLL32.EXE-2180-F.txt
2014-07-02 12:31 - 2014-07-02 09:19 - 00017073 _____ () C:\ProgramData\RUNDLL32.EXE-2932-F.txt
2014-07-01 12:31 - 2014-07-01 12:19 - 00006617 _____ () C:\ProgramData\RUNDLL32.EXE-2944-F.txt
2014-07-01 06:36 - 2014-06-03 06:44 - 00027718 _____ () C:\ProgramData\RUNDLL32.EXE-1268-F.txt
2014-06-30 12:57 - 2014-06-30 12:51 - 00003121 _____ () C:\ProgramData\RUNDLL32.EXE-1180-F.txt
2014-06-30 09:36 - 2014-06-30 08:44 - 00026163 _____ () C:\ProgramData\RUNDLL32.EXE-2956-F.txt
2014-06-30 08:17 - 2014-06-07 00:45 - 00291898 _____ () C:\ProgramData\RUNDLL32.EXE-2872-F.txt
2014-06-29 10:20 - 2014-06-29 10:11 - 00004977 _____ () C:\ProgramData\RUNDLL32.EXE-2600-F.txt
2014-06-29 08:40 - 2014-05-25 05:55 - 00198853 _____ () C:\ProgramData\RUNDLL32.EXE-2972-F.txt
2014-06-29 04:59 - 2014-06-02 11:54 - 00076249 _____ () C:\ProgramData\RUNDLL32.EXE-2952-F.txt
2014-06-29 02:16 - 2014-06-29 02:06 - 00004942 _____ () C:\ProgramData\RUNDLL32.EXE-2244-F.txt
2014-06-28 23:59 - 2014-06-28 23:10 - 00024980 _____ () C:\ProgramData\RUNDLL32.EXE-1352-F.txt
2014-06-28 13:19 - 2014-06-10 08:30 - 00036970 _____ () C:\ProgramData\RUNDLL32.EXE-2860-F.txt
2014-06-28 09:48 - 2014-05-30 12:10 - 00019452 _____ () C:\ProgramData\RUNDLL32.EXE-2864-F.txt
2014-06-28 08:03 - 2014-06-28 06:16 - 00054263 _____ () C:\ProgramData\RUNDLL32.EXE-2904-F.txt
2014-06-27 23:45 - 2014-06-27 23:45 - 00000000 ____D () C:\ProgramData\69C67EF23B9CD73186992916CB237AD7
2014-06-27 21:04 - 2014-06-27 21:01 - 00001395 _____ () C:\ProgramData\RUNDLL32.EXE-1200-F.txt
2014-06-27 10:04 - 2014-06-27 09:36 - 00014038 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt
2014-06-26 11:25 - 2014-06-26 10:22 - 00032176 _____ () C:\ProgramData\RUNDLL32.EXE-2560-F.txt
2014-06-26 06:36 - 2014-06-26 06:24 - 00006492 _____ () C:\ProgramData\RUNDLL32.EXE-2500-F.txt
2014-06-25 11:11 - 2014-06-25 09:54 - 00038357 _____ () C:\ProgramData\RUNDLL32.EXE-1276-F.txt
2014-06-25 10:35 - 2011-12-29 10:28 - 00041984 _____ () C:\Users\Reinhard\Documents\Besondere Ereignisse.xls
2014-06-25 06:36 - 2014-06-25 06:25 - 00005634 _____ () C:\ProgramData\RUNDLL32.EXE-1524-F.txt
2014-06-24 05:44 - 2014-06-24 05:23 - 00010651 _____ () C:\ProgramData\RUNDLL32.EXE-688-F.txt
2014-06-23 10:09 - 2014-06-23 09:43 - 00013212 _____ () C:\ProgramData\RUNDLL32.EXE-1308-F.txt
2014-06-23 07:06 - 2014-06-23 06:57 - 00004150 _____ () C:\ProgramData\RUNDLL32.EXE-2868-F.txt

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\AbvaSquz.dat
C:\ProgramData\OrexFuyu.dat
C:\ProgramData\ozouei.dat
C:\ProgramData\UmahMiri.dat
C:\ProgramData\vjrbeqv.dat
C:\ProgramData\vqnwam.dat
C:\Users\Reinhard\avg_avct_stb_all_2012_1796_cm10.exe
C:\Users\Reinhard\InstallMyTomTomSA.exe
C:\Users\Reinhard\Office2003SP3-KB923618-FullFile-DEU.exe

Some content of TEMP:
====================
C:\Users\Reinhard\AppData\Local\Temp\dRbT.dll
C:\Users\Reinhard\AppData\Local\Temp\iSXk.dll
C:\Users\Reinhard\AppData\Local\Temp\kktxil.exe
C:\Users\Reinhard\AppData\Local\Temp\NEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Reinhard\AppData\Local\Temp\P5U0.dll
C:\Users\Reinhard\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== Restore Points =========================
Restore point made on: 2014-04-15 08:32:17
Restore point made on: 2014-04-18 08:06:51
Restore point made on: 2014-05-01 01:39:55
Restore point made on: 2014-05-11 00:08:40
Restore point made on: 2014-05-31 06:45:58
Restore point made on: 2014-05-31 06:47:43
Restore point made on: 2014-06-28 02:32:19
Restore point made on: 2014-07-13 07:52:57
Restore point made on: 2014-07-13 07:55:28
Restore point made on: 2014-07-19 12:51:59
Restore point made on: 2014-07-20 00:38:24
Restore point made on: 2014-07-21 07:52:03

==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 4095.29 MB
Available physical RAM: 3427.05 MB
Total Pagefile: 4093.44 MB
Available Pagefile: 3414.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:1366.17 GB) (Free:1203.76 GB) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:10.4 GB) NTFS
Drive j: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-732114714624) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2013-10-12 06:03
==================== End Of Log ============================

Addendum: I am aware that several anti-malware tools are installed, but I am not getting anywhere with uninstalling them. Safe mode cannot be started either, i.e. the computer shuts straight back down.

Regards