![]() |
|
Plagegeister aller Art und deren Bekämpfung: Windows 7: Ich habe blöderweise auf einen Link in einer gefälschten DHL Mail geklickt und bin auf website umgeleitet worden...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Windows 7: Ich habe blöderweise auf einen Link in einer gefälschten DHL Mail geklickt und bin auf website umgeleitet worden... Hallo, Ich habe blöderweise auf einen in einer gefälschten DHL Mail enthaltenen Link geklickt, der mich auf eine fremde Website geleitet hat. Habe halt eine Sekunde nicht aufgepasst und schon war es passiert. Nun weiß ich nicht, ob ich was eingefangen habe, oder ob Firefox die Elemente auf der fremden Site geblockt hat. Ich habe den Computer bisher nicht neu gebootet. Betriebssystem Win 7 32 bit Vielen Dank für Eure Hilfe! Hier das File von Farbars Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015 Ran by Marc (administrator) on C*** on 03-06-2015 21:03:58 Running from C:\Users\Marc\Desktop Loaded Profiles: Marc & UpdatusUser (Available Profiles: Caroline *** & Marc & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe (Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe () C:\Windows\System32\Rezip.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\avwebloader.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\cleaner.exe (Avira Operations GmbH & Co. KG) C:\Users\Marc\AppData\Local\Temp\cleaner\eucleaner\setup\avscan.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [APLangApp] => C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [NWEReboot] => [X] HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-23] (APN) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\...\MountPoints2: {a253fd9b-317b-11df-a1e6-806e6f6e6963} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\menu.hta HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2339853823-2107313754-116825072-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.) Toolbar: HKU\S-1-5-21-2339853823-2107313754-116825072-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1C0B4772-79CB-4791-9072-D4AFCB7A665F}: [NameServer] 132.252.3.10,132.252.1.7 FireFox: ======== FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default FF Homepage: hxxp://www.hr-online.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] () FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll [2007-06-22] (CambridgeSoft Corp.) FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 -> C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll [2007-06-22] (CambridgeSoft Corp.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\windows\system32\npdeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-26] (Apple Inc.) FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\searchplugins\avira-safesearch.xml [2015-02-26] FF Extension: Avira Browser Safety - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\abs@avira.com [2015-05-29] FF Extension: Avira SafeSearch - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\e5dt77zp.default\Extensions\safesearch@avira.com [2015-04-27] Chrome: ======= CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [49152 2009-11-15] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-06-27] (Macrovision Europe Ltd.) [File not signed] R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [716800 2009-11-15] () [File not signed] R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [536576 2009-11-15] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed] R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG) R0 sfvfs02; C:\windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce)) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-27] (Avira GmbH) R1 vflt; C:\windows\System32\DRIVERS\vfilter.sys [17408 2009-11-19] (Shrew Soft Inc) S3 vnet; C:\windows\System32\DRIVERS\virtualnet.sys [9728 2009-11-19] (Shrew Soft Inc) R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 21:02 - 2015-06-03 21:03 - 00038670 _____ C:\Users\Marc\Desktop\Addition.txt 2015-06-03 21:00 - 2015-06-03 21:04 - 00000000 ____D C:\FRST 2015-06-03 21:00 - 2015-06-03 21:03 - 00019608 _____ C:\Users\Marc\Desktop\FRST.txt 2015-06-03 20:59 - 2015-06-03 20:59 - 01147392 _____ (Farbar) C:\Users\Marc\Desktop\FRST.exe 2015-06-03 20:57 - 2015-06-03 20:58 - 00000470 _____ C:\Users\Marc\Desktop\defogger_disable.log 2015-06-03 20:57 - 2015-06-03 20:57 - 00000000 _____ C:\Users\Marc\defogger_reenable 2015-06-03 20:55 - 2015-06-03 20:56 - 00050477 _____ C:\Users\Marc\Desktop\Defogger.exe 2015-06-03 19:14 - 2015-06-03 19:14 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2015-06-02 20:02 - 2015-06-02 20:02 - 00000000 ____D C:\Users\Caroline ***\AppData\Local\GWX 2015-06-01 18:37 - 2015-06-01 18:37 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX 2015-05-25 20:39 - 2015-05-25 20:39 - 59517393 _____ C:\Users\Marc\Desktop\befragung-einer-8-realschulklasse-und-einer8-hauptschulkla-b98fhavqvrqd.zip 2015-05-20 20:44 - 2015-05-20 20:44 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Thunderbird 2015-05-20 20:44 - 2015-05-20 20:44 - 00000000 ____D C:\Users\Marc\AppData\Local\Thunderbird 2015-05-20 20:43 - 2015-05-20 20:43 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-05-20 20:43 - 2015-05-20 20:43 - 00002032 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-05-20 20:43 - 2015-05-20 20:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-05-20 20:39 - 2015-05-20 20:39 - 01196832 _____ C:\Users\Marc\Downloads\Thunderbird - CHIP-Installer.exe 2015-05-20 20:31 - 2015-05-20 20:32 - 28745048 _____ (Mozilla) C:\Users\Marc\Downloads\Thunderbird Setup 31.7.0.exe 2015-05-19 21:44 - 2015-05-19 21:44 - 00000000 ____D C:\windows\system32\IPM 2015-05-18 20:27 - 2015-06-03 18:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-05-16 15:10 - 2015-05-16 15:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Marc\Downloads\flashplayer17au_ha_install.exe 2015-05-15 23:21 - 2015-05-15 23:21 - 00001069 _____ C:\Users\Public\Desktop\MindManager Smart.lnk 2015-05-15 23:21 - 2015-05-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MindManager Smart 2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D C:\Program Files\Mindjet 2015-05-15 21:32 - 2015-05-15 21:32 - 04387772 _____ C:\Users\Marc\Downloads\mmsm21-g-3.exe 2015-05-15 21:29 - 2015-05-15 21:29 - 01967210 _____ C:\Users\Marc\Desktop\JIM.pptx 2015-05-12 23:25 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 21:47 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-05-12 21:47 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-05-12 21:47 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-05-12 21:47 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-05-12 21:47 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-05-12 21:47 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-05-12 21:47 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-05-12 21:47 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-05-12 21:47 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-05-12 21:47 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-05-12 21:47 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-05-12 21:47 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-05-12 21:47 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-05-12 21:47 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-05-12 21:47 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-05-12 21:47 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-05-12 21:47 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-05-12 21:47 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-05-12 21:47 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-05-12 21:47 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 21:47 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-05-12 21:47 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-05-12 21:47 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-05-12 21:47 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-05-12 21:47 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-05-12 21:47 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-05-12 21:47 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-05-12 21:47 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2015-05-12 21:47 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-05-12 21:47 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-05-12 21:47 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-05-12 21:47 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-05-12 21:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-05-12 21:45 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-05-12 21:45 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-05-12 21:45 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-05-12 21:45 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-05-12 21:45 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-05-12 21:45 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2015-05-12 21:45 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-05-12 21:45 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-05-12 21:45 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-05-12 21:45 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe 2015-05-12 21:45 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-05-12 21:45 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2015-05-12 21:45 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-05-12 21:45 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-05-12 21:45 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-05-12 21:44 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-05-12 21:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-05-12 21:44 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-05-12 21:44 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-05-12 21:44 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2015-05-12 21:43 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-12 21:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-05-12 21:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-05-12 21:42 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll 2015-05-12 21:42 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2015-05-12 21:38 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-03 21:03 - 2009-07-14 06:34 - 00023328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-03 20:57 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc 2015-06-03 20:57 - 2013-07-27 21:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-03 20:25 - 2014-01-03 18:15 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-03 20:12 - 2014-01-03 18:15 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-03 19:14 - 2010-03-05 06:56 - 00000000 ____D C:\Program Files\Google 2015-06-03 18:39 - 2013-03-12 20:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-03 18:36 - 2013-10-26 12:49 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-06-03 18:33 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-03 18:33 - 2009-07-14 06:39 - 00187073 _____ C:\windows\setupact.log 2015-06-02 22:11 - 2010-03-05 06:29 - 02081827 _____ C:\windows\WindowsUpdate.log 2015-06-02 20:03 - 2010-06-27 13:18 - 00000000 ____D C:\Users\Caroline ***\AppData\Roaming\EndNote 2015-06-02 20:01 - 2010-06-25 20:31 - 00000000 ____D C:\Users\Caroline ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2015-05-31 19:08 - 2009-07-14 06:53 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT 2015-05-31 11:51 - 2009-07-26 22:06 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI 2015-05-20 21:15 - 2015-04-04 23:03 - 00000000 ___SD C:\windows\system32\GWX 2015-05-20 19:53 - 2010-03-05 07:55 - 00982948 _____ C:\windows\PFRO.log 2015-05-16 15:11 - 2014-08-19 22:10 - 00000000 ____D C:\Users\Marc\AppData\Local\Adobe 2015-05-16 15:11 - 2013-07-27 21:54 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-05-16 15:11 - 2013-07-27 21:54 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-05-15 10:18 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache 2015-05-13 23:10 - 2010-03-06 00:03 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 22:40 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2015-05-13 19:59 - 2009-07-14 06:33 - 00425312 _____ C:\windows\system32\FNTCACHE.DAT 2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE 2015-05-13 19:57 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-05-12 23:25 - 2010-06-25 20:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-12 23:22 - 2013-10-25 00:47 - 00000000 ____D C:\windows\system32\MRT 2015-05-12 23:15 - 2010-06-28 23:21 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-05-12 23:11 - 2013-07-27 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 23:11 - 2010-06-25 20:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-07 19:29 - 2013-07-27 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 19:27 - 2013-07-27 21:39 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2015-05-07 19:27 - 2013-07-27 21:39 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2015-05-07 19:27 - 2013-07-27 21:39 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys ==================== Files in the root of some directories ======= 2013-10-30 20:00 - 2014-06-29 10:02 - 0000155 _____ () C:\Users\Marc\AppData\Roaming\default.rss 2010-06-25 20:32 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-03-05 06:36 - 2010-03-05 06:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-05 06:35 - 2010-03-05 06:35 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-03-05 06:32 - 2010-03-05 06:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-05 06:36 - 2010-03-05 06:36 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-03-05 06:31 - 2010-03-05 06:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-03-05 06:33 - 2010-03-05 06:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some files in TEMP: ==================== C:\Users\Caroline\AppData\Local\Temp\AskSLib.dll C:\Users\Caroline\AppData\Local\Temp\avgnt.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\Caroline\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Caroline\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\Caroline\AppData\Local\Temp\tmp2184.exe C:\Users\Caroline\AppData\Local\Temp\tmp421E.exe C:\Users\Caroline\AppData\Local\Temp\tmp4568.exe C:\Users\Caroline\AppData\Local\Temp\_is241.exe C:\Users\Marc\AppData\Local\Temp\avgnt.exe C:\Users\Marc\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Marc\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Marc\AppData\Local\Temp\_is476B.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-03 19:14 ==================== End of log ============================ Geändert von Marc.223 (03.06.2015 um 21:01 Uhr) |
Themen zu Windows 7: Ich habe blöderweise auf einen Link in einer gefälschten DHL Mail geklickt und bin auf website umgeleitet worden... |
.dll, administrator, adobe, antivir, avira, browser, computer, defender, explorer, firefox, flash player, google, home, homepage, mozilla, realtek, registry, rundll, scan, secur, software, svchost.exe, temp, windows, winlogon.exe |