Pests of all kinds and how to fight them: No installations or updates possible anymore (Windows 7)
11.09.2014, 10:14 | #1 |
| No installations or updates possible anymore
Hello Trojaner Board, I hope you are doing well; we haven't spoken for quite a while now. Well, the title of my thread describes the problem in essence. Neither Flash Player, Malwarebytes nor other programs can be updated. Numerous scans with Spybot S&D and Avast found nothing - oddly, though, the system scan with Malwarebytes doesn't work either; the program is aborted midway. |
11.09.2014, 10:22 | #2 |
/// TB Trainer | No installations or updates possible anymore
Hello Katrin Reß
My name is Timo and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Formatting is always the safest way. We all "work" here voluntarily and in our free time *cough*. So replies may be delayed. If you have not received a reply from me within 48 hours, send me a PM. If you decide to go for a cleanup, keep working with me until I or someone from the team says that you are clean. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
__________________ |
11.09.2014, 11:10 | #3 |
| No installations or updates possible anymore
Right, first the FRST.txt:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014 Ran by Windows 7 (administrator) on WINDOWS7-PC on 11-09-2014 11:32:40 Running from D:\Draft Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Zhorn Software) C:\Program Files\Stickies\fff.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Farbar) D:\Draft\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2494939295-118947492-3605075000-1001\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKU\S-1-5-21-2494939295-118947492-3605075000-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company) Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\fff.exe (Zhorn Software) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * RwcLkRen C:\Windows\system32\RwcLkCfgsdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD3742AD29B85CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {F3D27D94-9B5A-464E-98D7-BF88A0D63F86} URL = hxxp://www.google.de/search?q={searchTerms} Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\discogs.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\soundcloud.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\urban-dictionary.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-eng.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\youtube-videosuche.xml FF Extension: Classic Theme Restorer - C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-08-25] FF Extension: QuickNote - C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2014-08-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-26] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-10-05] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR CustomProfile: C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (__MSG_appName__) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-03-22] CHR Extension: (YouTube) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-12] CHR Extension: (Google Search) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-12] CHR Extension: (SaveByclick) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkjmpobpbjjjfajbalampbnjmbnefki [2013-01-22] CHR Extension: (Gmail) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-12] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software) R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG) R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] () R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc. ) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [46680 2011-07-07] (Focusrite Audio Engineering Limited.) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93304 2011-06-28] (PACE Anti-Piracy, Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [X] S3 taphss; system32\DRIVERS\taphss.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 09:29 - 2014-09-11 09:29 - 318922021 _____ () C:\Windows\MEMORY.DMP 2014-09-11 09:29 - 2014-09-11 09:29 - 00153728 _____ () C:\Windows\Minidump\091114-40607-01.dmp 2014-09-11 09:09 - 2014-09-11 09:09 - 00000352 _____ () C:\Windows\PFRO.log 2014-09-11 00:47 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2014-09-11 00:47 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2014-09-11 00:35 - 2014-09-11 11:32 - 00000000 ____D () C:\FRST 2014-09-11 00:26 - 2014-09-11 00:26 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-11 00:26 - 2014-09-11 00:26 - 
00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-09-11 00:26 - 2012-04-04 12:26 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia 2014-09-11 00:26 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-11 00:26 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-11 00:23 - 2013-02-28 13:19 - 20541216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 08950048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-11 00:23 - 2013-02-28 13:19 - 07959000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 06271872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 02730784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 01995552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 01012512 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3231414.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3231414.dll 2014-09-11 00:21 - 2014-09-11 11:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 00:21 - 2014-09-11 00:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-11 00:21 - 2014-09-11 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-11 00:16 - 2014-09-11 11:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-11 00:16 - 2014-09-11 00:16 - 00001031 _____ () C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-11 00:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-11 00:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-11 00:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-10 23:54 - 2014-09-11 00:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-10 23:54 - 2014-09-11 00:00 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-09-10 23:54 - 2014-09-10 23:54 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-10 23:54 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-09-10 14:40 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 14:40 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 14:40 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 14:40 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 14:40 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 14:40 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 14:40 - 
2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 14:40 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-10 14:40 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 14:40 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 14:40 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-10 14:40 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-10 14:39 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 13:33 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 13:33 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 13:33 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 13:33 - 2014-06-24 04:59 - 01987584 
_____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Cycling '74 2014-09-10 12:32 - 2014-09-10 12:35 - 00000000 ____D () C:\Users\TEMP 2014-09-10 12:21 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 12:08 - 2014-09-10 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-09-09 19:56 - 2014-09-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-09-09 15:57 - 2014-09-10 12:06 - 00000000 ____D () C:\NVIDIA 2014-09-09 15:27 - 2014-09-09 15:27 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\EasySettingBox 2014-09-09 15:26 - 2014-09-09 19:56 - 00000000 ____D () C:\Program Files\Samsung 2014-09-09 15:24 - 2014-09-10 13:22 - 00000000 ____D () C:\Program Files\MonitorDriver 2014-09-09 15:24 - 2014-09-09 15:24 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\InstallShield 2014-09-03 10:32 - 2014-09-11 09:29 - 00000840 _____ () C:\Windows\setupact.log 2014-09-03 10:32 - 2014-09-03 10:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-02 13:10 - 2014-09-02 13:10 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\OpenOffice 2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\Users\Public\Foxit Software 2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2014-08-28 10:49 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 10:49 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-18 02:34 - 2014-08-18 02:34 - 00000000 ____D () C:\Users\Windows 7\Documents\OFX Presets 
2014-08-13 19:06 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 19:06 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 19:06 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 19:06 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 12:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(100).dll 2014-08-13 12:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet(102).dll 2014-08-13 12:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(91).dll 2014-08-13 12:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled(96).dll 2014-08-13 12:38 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-13 12:38 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-13 12:38 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-13 12:38 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale(93).nls 2014-08-13 12:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-13 12:38 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-13 12:38 - 2014-06-16 
03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-13 12:38 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-13 12:38 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-13 12:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-13 12:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-13 12:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 11:32 - 2014-09-11 00:35 - 00000000 ____D () C:\FRST 2014-09-11 11:11 - 2014-09-11 00:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 11:03 - 2014-09-11 00:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-11 09:37 - 2009-07-14 06:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-11 09:37 - 2009-07-14 06:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 09:29 - 2014-09-11 09:29 - 318922021 _____ () C:\Windows\MEMORY.DMP 2014-09-11 09:29 - 2014-09-11 09:29 - 00153728 _____ () C:\Windows\Minidump\091114-40607-01.dmp 2014-09-11 09:29 - 2014-09-03 10:32 - 00000840 _____ () C:\Windows\setupact.log 2014-09-11 09:29 - 2011-12-02 00:15 - 00000000 ____D () C:\Windows\Minidump 2014-09-11 09:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 09:14 - 2014-07-06 10:33 - 01799850 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 09:11 - 2011-11-29 22:50 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\stickies 2014-09-11 09:09 - 2014-09-11 09:09 - 
00000352 _____ () C:\Windows\PFRO.log 2014-09-11 00:45 - 2014-02-05 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-11 00:26 - 2014-09-11 00:26 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-09-11 00:26 - 2011-10-07 18:10 - 00000000 ____D () C:\Temp 2014-09-11 00:25 - 2011-10-07 16:07 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-11 00:21 - 2014-09-11 00:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-11 00:21 - 2014-09-11 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-11 00:21 - 2011-10-10 11:19 - 00000000 ____D () C:\Users\Windows 7\AppData\Local\Adobe 2014-09-11 00:16 - 2014-09-11 00:16 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-11 00:13 - 2011-12-18 13:52 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Malwarebytes 2014-09-11 00:13 - 2011-12-18 13:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-11 00:04 - 2014-09-10 23:54 - 
00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-11 00:00 - 2014-09-10 23:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-09-10 23:57 - 2012-01-30 14:05 - 00000000 ____D () C:\Users\Windows 2014-09-10 23:54 - 2014-09-10 23:54 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-10 16:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-10 15:17 - 2013-11-27 13:27 - 02392648 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-10 15:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-10 14:39 - 2013-08-14 19:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 14:36 - 2011-10-07 16:23 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 14:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-10 13:30 - 2011-10-07 15:33 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 13:23 - 2011-10-07 15:31 - 00000000 ____D () C:\Users\Windows 7 2014-09-10 13:22 - 2014-09-09 15:24 - 00000000 ____D () C:\Program Files\MonitorDriver 2014-09-10 13:22 - 2013-11-14 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-09-10 13:22 - 2012-11-17 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-10 13:22 - 2012-02-16 12:36 - 00000000 ____D () C:\Users\Windows\AppData\Roaming\Winamp 2014-09-10 13:22 - 2012-01-30 14:07 - 00000000 ____D () C:\Users\Windows\AppData\Roaming\Mozilla 2014-09-10 13:22 - 2012-01-30 14:05 - 00000000 ___RD () C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-10 13:22 - 2012-01-30 14:05 - 
00000000 ___RD () C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-10 13:22 - 2011-11-30 19:19 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\vlc 2014-09-10 13:22 - 2011-10-07 16:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas 2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-09-10 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Cycling '74 2014-09-10 12:35 - 2014-09-10 12:32 - 00000000 ____D () C:\Users\TEMP 2014-09-10 12:08 - 2014-09-10 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-09-10 12:06 - 2014-09-09 15:57 - 00000000 ____D () C:\NVIDIA 2014-09-09 19:56 - 2014-09-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-09-09 19:56 - 2014-09-09 15:26 - 00000000 ____D () C:\Program Files\Samsung 2014-09-09 15:27 - 2014-09-09 15:27 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\EasySettingBox 2014-09-09 15:24 - 2014-09-09 15:24 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\InstallShield 2014-09-06 01:14 - 2012-11-04 15:35 - 00001456 _____ () C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs 2014-09-06 00:50 - 2013-11-28 00:27 - 00134280 _____ () C:\Users\Windows 7\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-03 10:32 - 2014-09-03 10:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-02 13:10 - 2014-09-02 13:10 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\OpenOffice 2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2014-09-02 13:09 - 
2014-09-02 13:09 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-08-31 10:33 - 2013-03-24 19:49 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Media Player Classic 2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\Users\Public\Foxit Software 2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2014-08-30 21:20 - 2011-12-01 02:28 - 00000936 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-08-30 21:20 - 2011-12-01 02:28 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-30 21:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-08-30 21:13 - 2012-02-21 11:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-08-23 03:46 - 2014-08-28 10:49 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 02:42 - 2014-08-28 10:49 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-18 20:52 - 2014-05-31 13:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-18 14:21 - 2011-11-22 23:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-08-18 02:34 - 2014-08-18 02:34 - 00000000 ____D () C:\Users\Windows 7\Documents\OFX Presets 2014-08-15 16:51 - 2014-09-10 14:40 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 16:42 - 2014-09-10 14:40 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 16:42 - 2014-09-10 14:40 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 16:37 - 2014-09-10 14:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 16:37 - 2014-09-10 14:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 16:36 - 2014-09-10 14:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 16:35 - 2014-09-10 14:40 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2014-08-15 16:35 - 2014-09-10 14:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 16:35 - 2014-09-10 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 16:35 - 2014-09-10 14:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-15 16:34 - 2014-09-10 14:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 16:34 - 2014-09-10 14:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 16:34 - 2014-09-10 14:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-15 16:34 - 2014-09-10 14:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-15 16:34 - 2014-09-10 12:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll Some content of TEMP: ==================== C:\Users\Windows 7\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Windows 7\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Windows 7\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Windows 7\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 22:35

==================== End Of Log ============================

The Addition.TXT:

FRST Additions Logfile:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-09-2014
Ran by Windows 7 at 2014-09-11 00:36:32
Running from D:\Draft
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Focusrite USB 2.0 Audio Driver 2.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.1 - Focusrite Audio Engineering Limited.) Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation) Google Update Helper (Version: 1.3.21.111 - Google Inc.) Hidden iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.) Java 8 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation) Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) K-Lite Codec Pack 9.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.0 - ) LightScribe System Software (HKLM\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) LightScribe Template Labeler (HKLM\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 32.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 32.0 (x86 en-US)) (Version: 32.0 - Mozilla) Mp3tag v2.58 (HKLM\...\Mp3tag) (Version: v2.58 - Florian Heidenreich) MPK mini Editor (HKLM\...\MPKminiEditor) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 314.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.14 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.14 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA 
PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Systemsteuerung 314.14 (Version: 314.14 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - ) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Stickies 7.1b (HKLM\...\ZhornStickies) (Version: - Zhorn Software) VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - ) Visual C++ Redistributables (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.) Hidden VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883) (HKLM\...\F4B837225347AABC4F4DB6067C4D5642AF04B34C) (Version: 07/07/2011 15.32.4.883 - Focusrite) WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2494939295-118947492-3605075000-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-2494939295-118947492-3605075000-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Windows 7\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) ==================== Restore Points ========================= 10-09-2014 10:08:15 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 10-09-2014 10:13:57 Windows Update 10-09-2014 10:59:06 Windows Modules Installer 10-09-2014 11:07:28 Wiederherstellungsvorgang 10-09-2014 11:14:37 avast! antivirus system restore point 10-09-2014 11:17:20 Wiederherstellungsvorgang 10-09-2014 11:24:02 avast! antivirus system restore point 10-09-2014 11:27:29 Windows Update 10-09-2014 12:34:07 Windows Update 10-09-2014 22:24:06 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 10-09-2014 22:26:12 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2012-12-26 15:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {060BD9B5-EDB4-49E1-A189-A5DF677CDE7E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {19E79338-F4AD-41C2-8CD0-EDB80231CBB1} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-18] (AVAST Software) Task: {2340D933-5E19-45C4-BA4F-6ED38831B4DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {3D11A371-64FC-4B4B-B0C4-CAA326C2641B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {47BC44E3-4D76-4CE7-8939-E3CA4175353A} - \BackgroundContainer Startup Task No Task File <==== ATTENTION Task: {49861C4B-CF9C-4DF3-833A-F96FB68FDD23} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {5F76BEDF-1CAF-4BE8-B091-2C2CC0985D97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {699A0C1D-087C-4900-A16E-5F699EA14348} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {727348A4-7DAD-4F61-8E3C-ED89812A31C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {82FCD426-64C0-464A-85BE-2C3F75A9D7E7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {B50B2103-21DA-4D3B-9FFC-F9C16E366E62} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {D7703829-829A-49F9-9C74-FC1A8E9C2E0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {DBEF833E-BB5A-4309-9292-A5D90B242DBF} - System32\Tasks\Safer-Networking\Spybot - Search and 
Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {E621AB1C-37FE-481B-AD7F-5C629EAFBC8B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-18 12:07 - 2014-07-18 12:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-10 13:25 - 2014-09-10 13:25 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14091000\algo.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-09-10 23:54 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-09-10 23:54 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-07-18 12:07 - 2014-07-18 12:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-01-16 12:58 - 2013-01-16 12:58 - 02408448 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2013-01-16 12:58 - 2013-01-16 12:58 - 08626176 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2013-01-16 12:58 - 2013-01-16 12:58 - 00212992 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2014-05-31 13:36 - 2014-07-30 12:50 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2012-02-01 05:48 - 2012-02-01 05:48 - 00049064 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll 
2011-11-22 23:16 - 2014-08-18 14:20 - 03236464 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2011-11-22 23:16 - 2014-08-18 14:20 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2011-11-22 23:16 - 2014-08-18 14:20 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll 2012-11-21 12:42 - 2012-11-21 07:26 - 00008704 _____ () C:\Users\Windows 7\AppData\Roaming\Thunderbird\Profiles\mvtlvz3d.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll 2014-09-10 23:54 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-09-10 23:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-09-10 23:54 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-21 19:49 - 2014-08-21 19:49 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2011-10-30 15:27 - 2013-02-28 10:36 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft:FDUDNXZGOnVo2KkJszdkQL ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Digital Still Camera Description: Digital Still Camera Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: (Standardmäßige MTP-unterstützte Geräte) Service: WUDFRd Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (09/11/2014 00:26:55 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Produkt: NVIDIA PhysX -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:24:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x13b0 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/11/2014 00:23:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x4b0 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/11/2014 00:23:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der 
fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1304 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/11/2014 00:22:20 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Produkt: Java 8 Update 20 -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:20:19 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Product: Adobe AIR -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:20:06 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Product: Adobe AIR -- Schlüssel ist im angegebenen Status nicht gültig. 
(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:16:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x17dc Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/11/2014 00:16:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1578 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (09/11/2014 00:15:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xf44 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 System errors: ============= Error: (09/10/2014 11:55:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/10/2014 11:55:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch 
mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (09/10/2014 03:19:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/10/2014 03:19:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/10/2014 01:26:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/10/2014 01:26:00 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/10/2014 01:16:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/10/2014 01:16:37 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (09/10/2014 11:24:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/10/2014 11:24:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (09/11/2014 00:26:55 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Produkt: NVIDIA PhysX -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:24:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd13b001cfcd45e57ca3cfC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll2e3aacdf-3939-11e4-b7e7-001e90b7e486 Error: (09/11/2014 00:23:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4b001cfcd45d94ea16fC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll1cb46691-3939-11e4-b7e7-001e90b7e486 Error: (09/11/2014 00:23:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd130401cfcd45c232c87fC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll05c3cdee-3939-11e4-b7e7-001e90b7e486 Error: (09/11/2014 00:22:20 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Produkt: Java 8 Update 20 -- 
Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:20:19 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Product: Adobe AIR -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:20:06 AM) (Source: MsiInstaller) (EventID: 10011) (User: Windows7-PC) Description: Product: Adobe AIR -- Schlüssel ist im angegebenen Status nicht gültig. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2014 00:16:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd17dc01cfcd44e9b778f2C:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll2be0c4cf-3938-11e4-b7e7-001e90b7e486 Error: (09/11/2014 00:16:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd157801cfcd44dd83319aC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll1f6c93b5-3938-11e4-b7e7-001e90b7e486 Error: (09/11/2014 00:15:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdf4401cfcd44ae905498C:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dllf0a5ca8b-3937-11e4-b7e7-001e90b7e486 CodeIntegrity Errors: =================================== Date: 2012-12-14 00:13:54.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-12-14 00:13:25.051 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-05 22:54:03.345 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-05 22:54:01.820 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-11-06 12:32:46.504 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-11-06 12:28:53.775 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-11-04 12:48:20.727 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-11-03 23:04:12.661 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-11-03 23:02:45.862 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-10-20 21:25:13.728 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Percentage of memory in use: 57% Total physical RAM: 3326.24 MB Available physical RAM: 1408.22 MB Total Pagefile: 9974.96 MB Available Pagefile: 7684.52 MB Total Virtual: 2047.88 MB Available Virtual: 1902.56 MB ==================== Drives ================================ Drive c: (FestplatteC) (Fixed) (Total:232.79 GB) (Free:48.88 GB) NTFS Drive d: (GRUFT) (Fixed) (Total:149.05 GB) (Free:45.23 GB) NTFS Drive f: (User Manual) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: 000982CB) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F44BF44B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.09.2014, 11:26 | #4 |
/// TB Trainer | No more installations or updates possible Did you ever have R-Wipe&Clean installed on this computer? Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
Please download Malwarebytes Anti-Malware.
Run FRST once more.
11.09.2014, 12:17 | #5 |
| No more installations or updates possible Yes, Wipe & Clean used to be on it. The report from AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 12:44:43 # Aktualisiert 02/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Windows 7 - WINDOWS7-PC # Gestartet von : D:\Draft\adwcleaner_3.309.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien Ordner Gelöscht : C:\Windows\system32\hotspot shield ***** [ Tasks ] ***** Task Gelöscht : BackgroundContainer Startup Task ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39CB2DBD-DC22-4EB8-89D0-3F24EB24E632} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D72D8FEF-5BFB-4AA5-8A23-6EF69AE565AA} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : HKCU\Software\anchorfree Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Hotspot_Shield Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Hotspot_Shield Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494 ***** [ Browser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\81zbvwgh.default\prefs.js ] [ Datei : C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4109 octets] - [11/09/2014 12:36:55] AdwCleaner[R1].txt - [4169 octets] - [11/09/2014 12:42:57] AdwCleaner[S0].txt - [3932 octets] - [11/09/2014 12:44:43] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3992 octets] ##########
The Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Home Premium x86 Ran by Windows 7 on 11.09.2014 at 12:53:00,67 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\ntdstz4m.default-1408919380087\minidumps [13 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.09.2014 at 12:57:45,67 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unfortunately, Malwarebytes still won't start, just as before. When I go to the scan, the program aborts partway through. The FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014 Ran by Windows 7 (administrator) on WINDOWS7-PC on 11-09-2014 13:02:45 Running from D:\Draft Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Zhorn Software) C:\Program Files\Stickies\fff.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2494939295-118947492-3605075000-1001\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKU\S-1-5-21-2494939295-118947492-3605075000-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company) Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\fff.exe (Zhorn Software) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * RwcLkRen C:\Windows\system32\RwcLkCfgsdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD3742AD29B85CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265 SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {F3D27D94-9B5A-464E-98D7-BF88A0D63F86} URL = hxxp://www.google.de/search?q={searchTerms} Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\discogs.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\soundcloud.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\urban-dictionary.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-eng.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\youtube-videosuche.xml FF Extension: Classic Theme Restorer - C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-08-25] FF Extension: QuickNote - C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\ntdstz4m.default-1408919380087\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2014-08-25] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-26] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-10-05] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR CustomProfile: C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Kaboom) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-03-22] CHR Extension: (YouTube) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-12] CHR Extension: (Google Search) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-12] CHR Extension: (No Name) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkjmpobpbjjjfajbalampbnjmbnefki [2013-01-22] CHR Extension: (Gmail) - C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-12] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-18] (AVAST Software) R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG) R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation) R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] () R3 FETND6V; C:\Windows\System32\DRIVERS\fetnd6v.sys [43520 2008-09-22] (VIA Technologies, Inc. ) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [46680 2011-07-07] (Focusrite Audio Engineering Limited.) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys [X] S3 cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys [X] S3 taphss; system32\DRIVERS\taphss.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-11 12:57 - 2014-09-11 12:57 - 00000802 _____ () C:\Users\Windows 7\Desktop\JRT.txt 2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Windows\ERUNT 2014-09-11 12:36 - 2014-09-11 12:44 - 00000000 ____D () C:\AdwCleaner 2014-09-11 09:29 - 2014-09-11 09:29 - 318922021 _____ () C:\Windows\MEMORY.DMP 2014-09-11 09:29 - 2014-09-11 09:29 - 00153728 _____ () C:\Windows\Minidump\091114-40607-01.dmp 2014-09-11 09:09 - 2014-09-11 12:45 - 00000666 _____ () C:\Windows\PFRO.log 2014-09-11 00:47 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2014-09-11 00:47 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2014-09-11 00:35 - 2014-09-11 13:02 - 00000000 ____D () C:\FRST 2014-09-11 00:26 - 2014-09-11 00:26 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-09-11 00:26 - 2012-04-04 12:26 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia 2014-09-11 00:26 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories 2014-09-11 00:26 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-09-11 00:23 - 2013-02-28 13:19 - 20541216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 08950048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-11 00:23 - 2013-02-28 13:19 - 07959000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 06271872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 02730784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 01995552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 01012512 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3231414.dll 2014-09-11 00:23 - 2013-02-28 13:19 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3231414.dll 2014-09-11 00:21 - 2014-09-11 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 00:21 - 2014-09-11 00:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-11 00:21 - 2014-09-11 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-11 00:16 - 2014-09-11 13:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-11 00:16 - 2014-09-11 00:16 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-11 00:16 - 
2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-11 00:16 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-11 00:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-10 23:54 - 2014-09-11 00:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-10 23:54 - 2014-09-11 00:00 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-09-10 23:54 - 2014-09-10 23:54 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-10 23:54 - 2014-09-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-10 23:54 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-09-10 14:40 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 14:40 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 14:40 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 14:40 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 14:40 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 14:40 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 14:40 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 14:40 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeeds.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 14:40 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 14:40 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-10 14:40 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 14:40 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 14:40 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-10 14:40 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 14:39 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 13:33 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 13:33 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 13:33 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 13:33 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Cycling '74
2014-09-10 12:32 - 2014-09-10 12:35 - 00000000 ____D () C:\Users\TEMP
2014-09-10 12:21 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 12:08 - 2014-09-10 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-09 19:56 - 2014-09-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-09 15:57 - 2014-09-10 12:06 - 00000000 ____D () C:\NVIDIA
2014-09-09 15:27 - 2014-09-09 15:27 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\EasySettingBox
2014-09-09 15:26 - 2014-09-09 19:56 - 00000000 ____D () C:\Program Files\Samsung
2014-09-09 15:24 - 2014-09-10 13:22 - 00000000 ____D () C:\Program Files\MonitorDriver
2014-09-09 15:24 - 2014-09-09 15:24 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\InstallShield
2014-09-03 10:32 - 2014-09-11 12:52 - 00000952 _____ () C:\Windows\setupact.log
2014-09-03 10:32 - 2014-09-03 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-02 13:10 - 2014-09-02 13:10 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\OpenOffice
2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-08-28 10:49 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:49 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 02:34 - 2014-08-18 02:34 - 00000000 ____D () C:\Users\Windows 7\Documents\OFX Presets
2014-08-13 19:06 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 19:06 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 19:06 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 19:06 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 12:38 - 2014-07-24 19:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(100).dll
2014-08-13 12:38 - 2014-07-24 19:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet(102).dll
2014-08-13 12:38 - 2014-07-24 19:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(91).dll
2014-08-13 12:38 - 2014-07-24 19:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled(96).dll
2014-08-13 12:38 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 12:38 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 12:38 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 12:38 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 12:38 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale(93).nls
2014-08-13 12:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 12:38 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 12:38 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 12:38 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 12:38 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 12:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 12:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 12:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 13:02 - 2014-09-11 00:35 - 00000000 ____D () C:\FRST
2014-09-11 13:02 - 2014-09-11 00:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 12:59 - 2009-07-14 06:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 12:59 - 2009-07-14 06:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 12:57 - 2014-09-11 12:57 - 00000802 _____ () C:\Users\Windows 7\Desktop\JRT.txt
2014-09-11 12:52 - 2014-09-03 10:32 - 00000952 _____ () C:\Windows\setupact.log
2014-09-11 12:52 - 2011-11-29 22:50 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\stickies
2014-09-11 12:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 12:51 - 2014-07-06 10:33 - 01811520 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 12:45 - 2014-09-11 09:09 - 00000666 _____ () C:\Windows\PFRO.log
2014-09-11 12:44 - 2014-09-11 12:36 - 00000000 ____D () C:\AdwCleaner
2014-09-11 12:11 - 2014-09-11 00:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 09:29 - 2014-09-11 09:29 - 318922021 _____ () C:\Windows\MEMORY.DMP
2014-09-11 09:29 - 2014-09-11 09:29 - 00153728 _____ () C:\Windows\Minidump\091114-40607-01.dmp
2014-09-11 09:29 - 2011-12-02 00:15 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 00:45 - 2014-02-05 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-11 00:26 - 2014-09-11 00:26 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-11 00:26 - 2014-09-11 00:26 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-09-11 00:26 - 2011-10-07 18:10 - 00000000 ____D () C:\Temp
2014-09-11 00:25 - 2011-10-07 16:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-11 00:21 - 2014-09-11 00:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-11 00:21 - 2014-09-11 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-11 00:21 - 2011-10-10 11:19 - 00000000 ____D () C:\Users\Windows 7\AppData\Local\Adobe
2014-09-11 00:16 - 2014-09-11 00:16 - 00001031 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-11 00:16 - 2014-09-11 00:16 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-11 00:13 - 2011-12-18 13:52 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Malwarebytes
2014-09-11 00:13 - 2011-12-18 13:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 00:04 - 2014-09-10 23:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 00:00 - 2014-09-10 23:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-10 23:57 - 2012-01-30 14:05 - 00000000 ____D () C:\Users\Windows
2014-09-10 23:54 - 2014-09-10 23:54 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-10 23:54 - 2014-09-10 23:54 - 00002090 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-10 23:54 - 2014-09-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-10 21:17 - 2014-09-10 21:17 - 00019642 _____ () C:\Users\Windows 7\Desktop\Hotline Bewerbung.odt
2014-09-10 16:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 15:17 - 2013-11-27 13:27 - 02392648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 15:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 14:39 - 2013-08-14 19:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 14:36 - 2011-10-07 16:23 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-10 13:30 - 2011-10-07 15:33 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 13:23 - 2011-10-07 15:31 - 00000000 ____D () C:\Users\Windows 7
2014-09-10 13:22 - 2014-09-09 15:24 - 00000000 ____D () C:\Program Files\MonitorDriver
2014-09-10 13:22 - 2013-11-14 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 13:22 - 2012-11-17 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-10 13:22 - 2012-02-16 12:36 - 00000000 ____D () C:\Users\Windows\AppData\Roaming\Winamp
2014-09-10 13:22 - 2012-01-30 14:07 - 00000000 ____D () C:\Users\Windows\AppData\Roaming\Mozilla
2014-09-10 13:22 - 2012-01-30 14:05 - 00000000 ___RD () C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-10 13:22 - 2012-01-30 14:05 - 00000000 ___RD () C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-10 13:22 - 2011-11-30 19:19 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\vlc
2014-09-10 13:22 - 2011-10-07 16:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-09-10 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-10 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Cycling '74
2014-09-10 12:35 - 2014-09-10 12:32 - 00000000 ____D () C:\Users\TEMP
2014-09-10 12:08 - 2014-09-10 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-10 12:06 - 2014-09-09 15:57 - 00000000 ____D () C:\NVIDIA
2014-09-09 19:56 - 2014-09-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-09-09 19:56 - 2014-09-09 15:26 - 00000000 ____D () C:\Program Files\Samsung
2014-09-09 15:27 - 2014-09-09 15:27 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\EasySettingBox
2014-09-09 15:24 - 2014-09-09 15:24 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\InstallShield
2014-09-06 01:14 - 2012-11-04 15:35 - 00001456 _____ () C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-09-06 00:50 - 2013-11-28 00:27 - 00134280 _____ () C:\Users\Windows 7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 10:32 - 2014-09-03 10:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-02 13:10 - 2014-09-02 13:10 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\OpenOffice
2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-02 13:09 - 2014-09-02 13:09 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-08-31 10:33 - 2013-03-24 19:49 - 00000000 ____D () C:\Users\Windows 7\AppData\Roaming\Media Player Classic
2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-08-30 21:20 - 2014-08-30 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-08-30 21:20 - 2011-12-01 02:28 - 00000936 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-30 21:20 - 2011-12-01 02:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-30 21:20 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-30 21:13 - 2012-02-21 11:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-23 03:46 - 2014-08-28 10:49 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 10:49 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 20:52 - 2014-05-31 13:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-18 14:21 - 2011-11-22 23:16 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-08-18 02:34 - 2014-08-18 02:34 - 00000000 ____D () C:\Users\Windows 7\Documents\OFX Presets
2014-08-15 16:51 - 2014-09-10 14:40 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-10 14:40 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-10 14:40 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-10 14:40 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-10 14:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-10 14:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-10 14:40 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-10 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-10 14:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-10 14:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-10 14:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-10 14:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-10 14:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 16:34 - 2014-09-10 12:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Windows 7\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Windows 7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows 7\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Windows 7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows 7\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 22:35

==================== End Of Log ============================ |
11.09.2014, 12:57 | #6 |
/// TB Trainer | No more installations or updates possible Step 1: Uninstalling programs:
Only after the restart: Download MBAM Clean and run it. If a message saying "SHGetValue failed with error code 0" appears, continue. The program requests a restart; please perform it. After that: Please download Malwarebytes Anti-Malware |
11.09.2014, 13:22 | #7 |
| No more installations or updates possible Unfortunately, nothing has changed. I can install the program, but as soon as I open it and it tries to start an update, it crashes. |
11.09.2014, 14:39 | #8 |
/// TB Trainer | No more installations or updates possible
__________________ Learn to strike back and support us! TB Akademie | Donate | Praise & criticism |
11.09.2014, 14:56 | #9 |
| No more installations or updates possible |
11.09.2014, 15:50 | #10 |
/// TB Trainer | No more installations or updates possible Then let's take a quick look with GMER: Please download GMER: (random file name)
Do any problems occur? |
11.09.2014, 16:14 | #11 |
| No more installations or updates possible Here is the log: GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-11 17:11:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-0 SAMSUNG_HD252HJ rev.1AC01113 232,89GB
Running: ktcx3byi.exe; Driver: C:\Users\WINDOW~1\AppData\Local\Temp\fwtyikow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C337BA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C338684]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C3446F8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C344744]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C3448DE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C344666]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8BF3ADF0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C3446AE]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8BF3B080]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8BF3B16A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C344898]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C339472]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C337C0C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8C33CC68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8C3377F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8BF3AED0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C337C72]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C33D05E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C339F5A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C344722]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C344766]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C344902]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C34468C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C33C560]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8C344816]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C3446D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8C33C94C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C3448BC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8BF3AC6E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8C339DCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C339ADC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C337CD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C337D3E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8BF3AFCC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C337892]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C337A64]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C3379F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C33963C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C33979E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C337AEC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8BF3AD3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C3392CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8C337DA4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8BF3ABA0]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 8208A9A5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 820AA512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 820B1988 4 Bytes [A6, 7B, 33, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 820B1A10 4 Bytes [84, 86, 33, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 820B1A64 8 Bytes [F8, 46, 34, 8C, 44, 47, 34, ...] {CLC ; INC ESI; XOR AL, 0x8c; INC ESP; INC EDI; XOR AL, 0x8c}
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 820B1A70 4 Bytes [DE, 48, 34, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 820B1A8C 4 Bytes [66, 46, 34, 8C] {INC SI; XOR AL, 0x8c}
.text ...
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 822651C1 4 Bytes CALL 8C33A641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 822A1EFD 4 Bytes CALL 8C33A657 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[412] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\services.exe[528] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[548] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 76B6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1572] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1688] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text D:\Draft\ktcx3byi.exe[1716] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3372] kernel32.dll!SetUnhandledExceptionFilter 76B6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3372] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3488] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3560] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3720] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76B86AAC 1 Byte [62]
.text ...

---- EOF - GMER 2.1 ---- |
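Added example, not part of the thread or of GMER: one way to triage the SSDT section of a GMER log like the one in post #11 is to group every hook by the driver that owns it and flag any owner that is not an expected security-product driver. The allow-list (the two avast! driver names from the log) and the last sample line with `xyz123.sys` are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Assumption for this example: the only drivers expected to hook the SSDT on
# this machine are the two avast! drivers named in the log from post #11.
EXPECTED_HOOKERS = {"aswsnx.sys", "aswsp.sys"}
DRIVER_DIR = "\\systemroot\\system32\\drivers\\"

# One SSDT entry: "SSDT <driver path> <Zw/Nt service name> [0x<hook address>]"
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<driver>\S.*?)\s+(?P<api>(?:Zw|Nt)\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)

# Four lines copied from the log above; the xyz123.sys line is constructed
# to show what an unexpected hook owner looks like.
SAMPLE = r"""
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C337BA6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8BF3ADF0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8C3377F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8BF3AD3C]
SSDT \??\C:\Users\example\AppData\Local\Temp\xyz123.sys ZwOpenProcess [0x9A001234]
---- Kernel code sections - GMER 2.1 ----
"""


def parse_ssdt(text):
    """Return one dict per SSDT hook line; all other log lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if m:
            hooks.append({
                "driver": m["driver"],
                "api": m["api"],
                "addr": int(m["addr"], 16),
            })
    return hooks


def triage(hooks, expected=EXPECTED_HOOKERS):
    """Group hooked services by owning driver and list hooks needing review."""
    by_driver = defaultdict(list)
    unexpected = []
    for h in hooks:
        name = h["driver"].rsplit("\\", 1)[-1].lower()
        by_driver[name].append(h["api"])
        reasons = []
        if name not in expected:
            reasons.append("driver not on expected list")
        if not h["driver"].lower().startswith(DRIVER_DIR):
            reasons.append("driver outside system32\\drivers")
        if reasons:
            unexpected.append({**h, "reasons": reasons})
    return dict(by_driver), unexpected


if __name__ == "__main__":
    grouped, review = triage(parse_ssdt(SAMPLE))
    for driver, apis in sorted(grouped.items()):
        print(f"{driver}: {len(apis)} hooked services")
    for h in review:
        print(f"REVIEW {h['api']} -> {h['driver']} ({'; '.join(h['reasons'])})")
```
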
11.09.2014, 18:31 | #12 |
/// TB Trainer | No more installations or updates possible Hmm, nothing unusual. Run an ESET scan; it takes a long time. ESET Online Scanner |
11.09.2014, 22:08 | #13 |
| No more installations or updates possible Voilà:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=83298a7f1666444aba2c950008038a8b
# engine=18498
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-31 01:45:24
# local_time=2014-05-31 03:45:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 106427 165964414 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 153175115 0 0
# scanned=144870
# found=8
# cleaned=8
# scan_time=6384
sh=E1A8185A5C1B7BDA0DD3DA7E580C2C1DFCFED60A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\62e327ca-1a8e5b40"
sh=E1A8185A5C1B7BDA0DD3DA7E580C2C1DFCFED60A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\62e327ca-69769d80"
sh=18BFC6F1B1991C360CDFFD213D404079546B4D6C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4926c31b-7c0b7d9f"
sh=C8CBA85BBAB2DB85E803CDCBDD7BB81223F62BDC ft=1 fh=ef5c9b08e8a9305e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\uwyw5m4j.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins\npConduitFirefoxPlugin.dll"
sh=11FDCAD1A22AB86523C5BFB35B9BE851FDFE7C50 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WINDOWS7-PC\Backup Set 2014-05-11 203327\Backup Files 2014-05-11 203327\Backup files 5.zip"
sh=F67FA4589E7AC06E54F8E4CC00F48FE7E0854D6B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WINDOWS7-PC\Backup Set 2014-05-11 203327\Backup Files 2014-05-11 203327\Backup files 7.zip"
sh=18C4F1F539F89454BF33E8BA87071D5F65061E70 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WINDOWS7-PC\Backup Set 2014-05-25 200700\Backup Files 2014-05-25 200700\Backup files 5.zip"
sh=C6632368477C11FC83174987184EDD38C43F6E97 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\WINDOWS7-PC\Backup Set 2014-05-25 200700\Backup Files 2014-05-25 200700\Backup files 7.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=83298a7f1666444aba2c950008038a8b
# engine=20112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-11 09:02:29
# local_time=2014-09-11 11:02:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 121043 174889839 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 31707 162100540 0 0
# scanned=232048
# found=0
# cleaned=0
# scan_time=8616 |
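Added example, not part of the thread or of ESET's tooling: the ESET Online Scanner log in post #13 holds more than one scan run appended to the same file, so it helps to split it into runs and read each run's `utc_time`, `remove_checked` and `found` values separately. The sample below is abridged from that log (two of the eight detection records, a subset of the header keys); the function names are hypothetical.

```python
import re

# Abridged from the log in post #13: headers reduced to the keys used here,
# and only two of the first run's eight detection records are included.
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=8
# engine=18498
# end=finished
# remove_checked=true
# utc_time=2014-05-31 01:45:24
# scanned=144870
# found=8
# cleaned=8
sh=E1A8185A5C1B7BDA0DD3DA7E580C2C1DFCFED60A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\62e327ca-1a8e5b40"
sh=C8CBA85BBAB2DB85E803CDCBDD7BB81223F62BDC ft=1 fh=ef5c9b08e8a9305e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Windows 7\AppData\Roaming\Mozilla\Firefox\Profiles\uwyw5m4j.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins\npConduitFirefoxPlugin.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# engine=20112
# end=finished
# remove_checked=false
# utc_time=2014-09-11 09:02:29
# scanned=232048
# found=0
# cleaned=0
'''

# key=value where the value is either a quoted string or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Turn one detection line (sh=... vn="..." fn="...") into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def parse_runs(text):
    """Split the log into scan runs: '# key=value' headers plus 'sh=' records."""
    runs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            if cur is None:                      # first header line of a new run
                cur = {"meta": {}, "detections": []}
                runs.append(cur)
            key, _, val = line[2:].partition("=")
            cur["meta"].setdefault(key, val)     # some keys repeat; keep the first
        elif line.startswith("sh=") and cur is not None:
            cur["detections"].append(parse_record(line))
        else:                                    # downloader chatter ends the run
            cur = None
    return runs


def summarize(runs):
    """One summary row per run, in file order."""
    return [{
        "utc_time": r["meta"].get("utc_time"),
        "engine": r["meta"].get("engine"),
        "remove_checked": r["meta"].get("remove_checked") == "true",
        "found": int(r["meta"].get("found", 0)),
        "cleaned": int(r["meta"].get("cleaned", 0)),
        "records": len(r["detections"]),
    } for r in runs]


def latest_run(runs):
    """The run with the newest utc_time describes the most recent scan."""
    return max(summarize(runs), key=lambda s: s["utc_time"] or "")


if __name__ == "__main__":
    for row in summarize(parse_runs(SAMPLE_LOG)):
        print(row)
```
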
12.09.2014, 09:18 | #14 |
/// TB Trainer | No more installations or updates possible Hm, OK, the instructions did say that ESET should not delete any detections, but OK. How do things look with updates at the moment? Is it working by now? What about browsing etc., are there problems there too? |