Log analysis and evaluation: CPU usage very high (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.06.2013, 20:54 | #1 |
CPU usage very high

Good evening,

my laptop has been running very slowly for two or three days. I have noticed that my CPU usage is very high, especially when I am on the internet, where it sits between 80 and 100%. When I am on YouTube it is between 90 and 100%. I use Firefox as my browser, but I have also tried Internet Explorer and Chrome, and the same problem occurs there. When I close the browser it is, in my opinion, still high. While using Windows Media Player, for instance, it is between 20 and 70%. Unfortunately I do not know much about computers, so I find this hard to judge. I ran a full scan with Avast yesterday, but it found nothing and gave me no other messages. I cleaned the case of my laptop last week, in case that could be a reason. Last year I had the GEMA trojan on the laptop, but afterwards I had it formatted (I hope that is the right word; in any case Vista was reinstalled). Apart from that, at the beginning of the year I also had a virus, I do not know which one, that Avast detected and (hopefully) removed. At least I had no problems afterwards. It sometimes tells me that there is an error with the graphics card (or something like that), but I think that is because I have a loose contact in the screen. When I was creating the logs there was a problem with Gmer. I got the message: "Gmer has stopped working. A problem caused the program to stop working correctly. The program will be closed and you will be notified if a solution is available." I tried it again and then it worked. As I said, I do not know much about computers and sometimes do not understand the terminology either. Thanks in advance for the help.

Kind regards

Oh, and I cannot upload the Gmer file; it tells me it is too big.
How should I proceed with that now?
28.06.2013, 04:19 | #2 |
/// the machine /// TB-Ausbilder | CPU usage very high

Hi,

System scan with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: Start > Computer (right-click) > Properties)

How it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
28.06.2013, 06:39 | #3 |
CPU usage very high

Hello,

thanks for the quick help. Here are the two files.

FRST:
FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013
Ran by NadineS (administrator) on 28-06-2013 07:28:57
Running from C:\Users\NadineS\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Realtek Semiconductor Corp.) C:\Users\NadineS\AppData\Local\Temp\RtkBtMnt.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Bandoo Media, inc) C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(acer) C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [793096 2008-04-01] (Dritek System Inc.)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] [x]
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [147456 2008-04-10] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [167936 2008-04-10] (CyberLink)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-04-18] (Acer Corp.)
HKLM\...\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1694608 2012-03-12] (Bandoo Media, inc)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {5f7f6890-8f0f-11e1-8c6c-001d72c21f2e} - G:\SETUP.EXE
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {765B06E3-D966-4956-8B8D-7BE9E6DECE19} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F5B1CCF6-AB22-4A84-A1CC-5481E02A8116&apn_sauid=F42EE1D7-E4E4-4800-8737-A0F45744B1E6
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngine: Google
FF Homepage: hxxp://www.searchnu.com/406
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\NadineS\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins

Chrome:
=======
CHR HomePage: hxxp://www.searchnu.com/406
CHR RestoreOnStartup: "hxxp://www.searchnu.com/406"
CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=F5B1CCF6-AB22-4A84-A1CC-5481E02A8116&apn_ptnrs=U3&apn_sauid=F42EE1D7-E4E4-4800-8737-A0F45744B1E6&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:45 - 2013-06-27 19:46 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:44 - 2013-06-27 19:45 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 02:12 - 2013-06-26 02:12 - 00001975 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-26 01:14 - 2013-06-26 01:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:38 - 2013-06-22 16:40 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-13 03:26 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:26 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:26 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 03:26 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 03:26 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 03:26 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 03:26 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:26 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:25 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:25 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:25 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:25 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 06:11 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:11 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 06:11 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 06:11 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:11 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:11 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:11 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 07:25 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 07:25 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 06:51 - 2012-04-25 19:14 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 01:54 - 2012-04-25 18:49 - 01375702 ____A C:\Windows\WindowsUpdate.log
2013-06-28 01:51 - 2012-04-25 19:14 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 01:01 - 2013-03-19 04:37 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 01:01 - 2012-04-25 19:14 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-28 01:01 - 2012-04-25 19:13 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 21:05 - 2006-11-02 12:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 21:00 - 2012-04-25 19:19 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-06-27 21:00 - 2012-04-25 18:58 - 00068081 ____A C:\ProgramData\nvModes.001
2013-06-27 21:00 - 2008-05-07 20:04 - 00000147 ____A C:\Windows\System32\agent.log
2013-06-27 20:59 - 2012-04-25 18:56 - 00068081 ____A C:\ProgramData\nvModes.dat
2013-06-27 20:59 - 2008-01-21 04:47 - 03560998 ____A C:\Windows\PFRO.log
2013-06-27 20:59 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 20:58 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:46 - 2013-06-27 19:45 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:45 - 2013-06-27 19:44 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:44 - 2012-04-25 18:56 - 00000000 ____D C:\users\NadineS
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 18:56 - 2012-04-25 19:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 02:40 - 2012-04-25 20:28 - 00000000 ____D C:\Users\NadineS\AppData\Local\Adobe
2013-06-26 02:28 - 2013-05-17 22:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 02:28 - 2012-04-25 19:18 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 02:12 - 2013-06-26 02:12 - 00001975 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-26 01:13 - 2013-06-26 01:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:13 - 2012-08-30 03:00 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-26 01:13 - 2012-08-30 03:00 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-26 01:08 - 2012-04-26 15:57 - 00000000 ____D C:\Users\NadineS\AppData\Roaming\vlc
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:40 - 2013-06-22 16:38 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-19 03:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 04:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:29 - 2008-05-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 03:03 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-27 21:05

==================== End Of Log ============================

and the Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-06-2013
Ran by NadineS at 2013-06-28 07:30:16
Running from C:\Users\NadineS\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acer Arcade Deluxe (Version: 2.0.5225)
Acer Crystal Eye Webcam 3.0.3.1 (Version: 3.0.3.1)
Acer eAudio Management (Version: 3.0.3007)
Acer eDataSecurity Management (Version: 3.0.3060)
Acer Empowering Technology (Version: 3.0.3006)
Acer ePower Management (Version: 3.0.3009)
Acer eRecovery Management (Version: 3.0.3010)
Acer eSettings Management (Version: 3.0.3006)
Acer GameZone Console 2.0.1.1
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer ScreenSaver (Version: 1.11.0506)
Acer VCM (Version: 3.1.3000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Agatha Christie Death on the Nile
Agere Systems HDA Modem
Alice Greenfingers
avast! Free Antivirus (Version: 8.0.1489.0)
Azada
Backspin Billiards
Big Kahuna Reef
Bing Bar (Version: 7.1.391.0)
Bricks of Egypt
Cake Mania
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
eSobi v2 (Version: 2.0.3.000189)
Free Audio Converter version 5.0.24.430 (Version: 5.0.24.430)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Deskjet 2050 J510 series Hilfe (Version: 140.0.61.61)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller (Version: 1.00.11.02)
Kick N Rush
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Mahjong Escape Ancient China
Mahjongg Artifacts
Marvell Miniport Driver (Version: 10.55.3.3)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0822)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5 (Version: 5.1.2.503)
NTI Backup Now Standard (Version: 5.1.2.503)
NTI Media Maker 8 (Version: 8.0.2.6322)
NVIDIA Drivers
OpenOffice.org 3.4 (Version: 3.4.9590)
Orion (Version: 2.0.1)
PhotoNow! (Version: 1.1.4619)
PowerDirector (Version: 6.5.2713)
Realtek High Definition Audio Driver (Version: 6.0.1.5610)
Searchqu Toolbar (Version: 3.0.0.122375)
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (Version: 22.0.334.0)
Synaptics Pointing Device Driver (Version: 11.0.2.0)
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yahoo! Toolbar
Zuma Deluxe

==================== Restore Points =========================

07-06-2013 20:25:45 Windows Update
08-06-2013 15:44:06 Scheduled Checkpoint
09-06-2013 07:31:19 Scheduled Checkpoint
11-06-2013 07:01:05 Windows Update
13-06-2013 01:00:23 Windows Update
15-06-2013 08:14:55 Scheduled Checkpoint
18-06-2013 02:56:11 Scheduled Checkpoint
18-06-2013 19:15:37 Windows Update
19-06-2013 01:00:12 Windows Update
21-06-2013 07:11:02 Scheduled Checkpoint
25-06-2013 17:12:16 Windows Update
25-06-2013 23:11:36 Installed Java 7 Update 25

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B01D3E7-F6F4-4280-A601-749C576E6545} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {562D43E2-134C-4E02-AEFE-049B8956CAC1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {76A6BBCD-7DC0-4A91-ACCD-B1669CA1B5B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-25] (Google Inc.)
Task: {87C87609-754B-445C-A127-4C32CF7217F3} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {C115F165-AAAC-40C3-97FF-B856F7603FD4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {C3C09A4D-67EB-46B7-9075-6D707D12E8E5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E569AE39-7ED6-4BB7-9CB9-552B831030B0} - System32\Tasks\User_Feed_Synchronization-{05FD1E10-2C37-4931-95BF-39B33867D94F} => C:\Windows\system32\msfeedssync.exe [2012-04-27] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2013 09:00:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2013 08:41:48 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/27/2013 08:19:58 PM) (Source: Application Error) (User: )
Description: Faulting application gmer_2.1.19163.exe, version 2.1.19163.0, time stamp 0x515d31f0, faulting module gmer_2.1.19163.exe, version 2.1.19163.0, time stamp 0x515d31f0, exception code 0xc0000005, fault offset 0x00012288, process id 0xbdc, application start time gmer_2.1.19163.exe0.

Error: (06/27/2013 06:59:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2013 06:57:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2013 03:23:09 AM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 22.0.0.4917, time stamp 0x51c06b1b, faulting module xul.dll, version 22.0.0.4917, time stamp 0x51c06a5b, exception code 0xc0000005, fault offset 0x00173668, process id 0x11a8, application start time firefox.exe0.

Error: (06/26/2013 02:13:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\NADINES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NLMM1SE6.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (06/26/2013 02:13:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\NADINES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NLMM1SE6.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (06/26/2013 02:13:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\NADINES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NLMM1SE6.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (06/26/2013 02:13:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\NADINES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NLMM1SE6.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (06/27/2013 09:00:19 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/27/2013 06:59:35 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/26/2013 06:57:43 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 08:08:54 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 08:00:42 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 05:49:44 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 05:35:08 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2013 05:34:21 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 17:31:45 on 25.06.2013 was unexpected.

Error: (06/24/2013 10:22:04 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (06/23/2013 05:57:42 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-05-26 15:41:15.559
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:15.450
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:15.345
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:15.194
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:14.967
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:14.846
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:14.727
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-26 15:41:14.578
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-04 23:49:06.606
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" because the set of per-page image hashes could not be found on the system.

Date: 2012-05-04 23:49:06.520
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\SysHook.dll" because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3066.12 MB
Available physical RAM: 1458.01 MB
Total Pagefile: 6336.49 MB
Available Pagefile: 4595.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.72 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:47.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:45.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 9D0A5489)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
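The "Bamital & volsnap Check" in the FRST log above hashes eight core binaries and prints "MD5 is legit" when each matches FRST's own list of known-good values. The script below is an added example, not FRST's code, that shows the same check built from scratch: hash the files on a trusted machine with the same OS build, language and patch level, carry the baseline across as JSON, and compare on the suspect machine. The file tree and contents used by demo() are constructed placeholders rather than real PE files, the CORE_FILES list simply mirrors the eight paths FRST reports, and SHA-256 is used in place of FRST's MD5.

```python
"""Build-and-verify integrity baseline for core Windows binaries, the idea
behind the "Bamital & volsnap Check" lines in the FRST log above.

Added example, not FRST's code: FRST compares against hashes it ships with,
whereas this script builds the known-good list from a trusted machine and
verifies a suspect machine against it. The tree built in demo() is
constructed for the example.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# The files FRST checks on Vista/7 (paths relative to the system drive).
# Bamital patched explorer.exe and winlogon.exe in place, which is why a
# hash comparison, not a name or size check, is used for them.
CORE_FILES = (
    "Windows/explorer.exe",
    "Windows/System32/winlogon.exe",
    "Windows/System32/wininit.exe",
    "Windows/System32/svchost.exe",
    "Windows/System32/services.exe",
    "Windows/System32/User32.dll",
    "Windows/System32/userinit.exe",
    "Windows/System32/Drivers/volsnap.sys",
)


def sha256_of(path: Path) -> str:
    """Stream the file so multi-MB binaries never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, rel_paths=CORE_FILES) -> dict[str, str]:
    """Hash every core file below root. Run this on a trusted, fully patched
    box, never on the suspect: a baseline taken there only certifies the
    infection."""
    return {rel: sha256_of(root / rel) for rel in rel_paths if (root / rel).is_file()}


def verify(root: Path, baseline: dict[str, str]) -> dict[str, str]:
    """Return 'legit', 'MODIFIED' or 'MISSING' for every baselined file."""
    result: dict[str, str] = {}
    for rel, expected in baseline.items():
        p = root / rel
        if not p.is_file():
            result[rel] = "MISSING"
        elif sha256_of(p) != expected:
            result[rel] = "MODIFIED"
        else:
            result[rel] = "legit"
    return result


def demo() -> dict[str, str]:
    """Baseline a constructed 'clean' tree, build an identical 'suspect'
    tree, then patch one binary and delete one driver there, and return
    verify()'s verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp) / "clean", Path(tmp) / "suspect"
        for rel in CORE_FILES:
            for root in (clean, suspect):
                dst = root / rel
                dst.parent.mkdir(parents=True, exist_ok=True)
                dst.write_bytes(b"MZ" + rel.encode())  # placeholder, not real PE data
        baseline_json = json.dumps(build_baseline(clean))  # what you would carry over
        # Simulated file infector: explorer.exe patched, volsnap.sys gone.
        (suspect / "Windows/explorer.exe").write_bytes(b"MZ" + b"\x90" * 16 + b"explorer.exe")
        os.remove(suspect / "Windows/System32/Drivers/volsnap.sys")
        return verify(suspect, json.loads(baseline_json))


if __name__ == "__main__":
    for rel, verdict in demo().items():
        print(f"{rel} => {verdict}")
```

Two caveats apply to FRST's check and to this one alike. The hashes are read through the running operating system, so a kernel-mode rootkit can hand the reader clean bytes; that is why the forum asks for a GMER scan alongside FRST. And a hash cannot distinguish a legitimately updated binary from a tampered one, so the baseline has to come from the same patch level and be rebuilt after each Windows Update.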
28.06.2013, 08:11 | #4 |
/// the machine /// TB-Ausbilder | CPU usage very high

Combofix should only be run when a team member has told you to do so!

Please download Combofix from the following download mirror: Link 1

IMPORTANT - Save Combofix to your desktop

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart
Quote:

__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
28.06.2013, 13:27 | #5 |
| CPU usage very high

Hey, I've done that now, but now I'm told that my Windows Defender can't run because of another program. At first the same happened with Avast's antispyware software, but by now it works again. Is that normal?

Here's the file

Code:
ComboFix 13-06-28.01 - NadineS 28.06.2013 13:47:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1892 [GMT 2:00]
Running from: c:\users\NadineS\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NadineS\Documents\~WRL1759.tmp
c:\users\NadineS\Documents\~WRL2383.tmp
c:\users\NadineS\Documents\~WRL2863.tmp
c:\users\NadineS\Documents\~WRL3124.tmp
c:\users\NadineS\Documents\~WRL3655.tmp
c:\users\NadineS\Documents\~WRL3995.tmp
c:\users\NadineS\Documents\~WRL4060.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-28 ))))))))))))))))))))))))))))))
.
.
2013-06-28 12:01 . 2013-06-28 12:02 -------- d-----w- c:\users\NadineS\AppData\Local\temp
2013-06-28 12:01 . 2013-06-28 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-28 05:28 . 2013-06-28 05:28 -------- d-----w- C:\FRST
2013-06-28 00:00 . 2013-06-28 00:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C91349B8-86EB-4727-8D03-BBC1E2D7E648}\offreg.dll
2013-06-26 00:40 . 2013-06-26 00:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-26 00:40 . 2013-06-26 00:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 23:13 . 2013-06-25 23:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 23:13 . 2013-06-25 23:13 -------- d-----w- c:\program files\Java
2013-06-25 17:13 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C91349B8-86EB-4727-8D03-BBC1E2D7E648}\mpengine.dll
2013-06-13 01:25 . 2013-05-16 22:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-12 04:11 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 04:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 04:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 04:11 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 04:11 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 04:11 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 04:11 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 04:11 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 04:11 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 04:11 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 04:11 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 23:01 . 2013-03-19 02:37 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 23:01 . 2012-04-25 17:14 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 23:01 . 2012-04-25 17:13 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-25 23:13 . 2012-08-30 01:00 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-25 23:13 . 2012-08-30 01:00 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-09 08:59 . 2013-03-19 02:37 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-04-25 17:13 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-04-25 17:13 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-04-25 17:13 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-04-25 17:14 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-04-25 17:12 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-04-25 17:12 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-04-26 14:48 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 19:32 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 19:32 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 19:32 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2012-4-25 1216512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-26 00:11 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:14]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-10 - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-28 14:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-06-28 14:05:27
ComboFix-quarantined-files.txt 2013-06-28 12:05
.
Pre-Run: 11 directories, 55,430,254,592 bytes free
Post-Run: 16 directories, 55,985,479,680 bytes free
.
- - End Of File - - E0885776FBDCDC27988626B039D25161
BB9D3A6A13C5010348DA7C900BB6AF50
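The ComboFix log above contains the two findings that matter most in this thread: an AppInit_DLLs value that loads datamngr.dll and IEBHO.dll from the Searchqu Toolbar directory into every process that maps user32.dll, and Firefox prefs.js entries that point the homepage and keyword.URL at searchnu.com and search-results.com. The script below is an added example, not part of the posted logs or of ComboFix, FRST or AdwCleaner; it pulls exactly those kinds of indicators out of ComboFix/FRST-style text so they are not lost in a long log. The SAMPLE_LOG lines are copied from the ComboFix output above; the HIJACK_DOMAINS list, the severity labels and the Windows-directory allowlist are this example's own assumptions.

```python
"""Triage a ComboFix / FRST style log for the indicators seen in this thread:
AppInit_DLLs injection, browser homepage / search hijacks, and security
products reported as disabled.

Added example, not part of the posted logs or of ComboFix/FRST/AdwCleaner.
SAMPLE_LOG is copied from the ComboFix output posted above; HIJACK_DOMAINS,
the severities and WINDOWS_DIRS are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Domains that AdwCleaner later stripped from prefs.js and Chrome's
# Preferences in this thread. Assumption: a short suffix list is enough for
# triage; it is not a complete blocklist.
HIJACK_DOMAINS = ("searchnu.com", "search-results.com", "ask.com")

# ComboFix writes hxxp instead of http so URLs in the log are not clickable.
URL_RE = re.compile(r"hxxps?://[^\s\"']+", re.IGNORECASE)
APPINIT_RE = re.compile(r'"AppInit_DLLs"\s*=\s*(?P<dlls>\S.*)$', re.IGNORECASE)
AV_STATE_RE = re.compile(r"^(?P<kind>AV|SP|FW):\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$', re.IGNORECASE)
WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")  # assumption: system drive is C:


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    kind: str
    detail: str


def split_appinit(value: str) -> list[str]:
    """AppInit_DLLs holds space- or comma-separated paths; 8.3 short names
    such as c:\\progra~1\\SEARCH~1 are typical because the loader splits the
    value on spaces."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def host_of(url: str) -> str:
    return url.split("://", 1)[1].split("/", 1)[0].lower()


def is_hijack_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""  # last [HKEY_...] header seen, gives context to value lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            current_key = line
            continue
        m = APPINIT_RE.search(line)
        if m:
            # Every DLL listed here is mapped into each process that loads
            # user32.dll, so anything outside the Windows directory is a
            # high-value persistence indicator whatever its file name.
            for dll in split_appinit(m.group("dlls")):
                if not dll.lower().startswith(WINDOWS_DIRS):
                    findings.append(Finding("high", "appinit_dll", dll))
            continue
        m = AV_STATE_RE.match(line)
        if m and "disabled" in m.group("state").lower():
            # Expected when the user switched the AV off to run ComboFix, as
            # here; recorded so that re-enabling it is not forgotten.
            findings.append(Finding("medium", "protection_disabled",
                                    f"{m.group('kind')}: {m.group('name')}"))
            continue
        if DISABLE_MON_RE.match(line) and "security center" in current_key.lower():
            findings.append(Finding("medium", "security_center_monitoring_off", current_key))
            continue
        for url in URL_RE.findall(line):
            host = host_of(url)
            if is_hijack_host(host):
                findings.append(Finding("high", "browser_hijack", f"{host} <- {line}"))
    return findings


# Lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
uStart Page = hxxp://www.bing.com
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

To run it over a real log, pass the file's text to triage(), for instance triage(Path("C:/ComboFix.txt").read_text(errors="replace")). On Vista and later the AppInit_DLLs list is only honoured when the LoadAppInit_DLLs value in the same key allows it, so check that value alongside the list when you confirm a finding by hand; and a missing DLL file does not make the entry harmless, since the next installer that drops a file at that path gets loaded everywhere.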
28.06.2013, 17:10 | #6 |
/// the machine /// TB-Ausbilder | CPU usage very high

Please download AdwCleaner to your desktop.

Please close your protection software to avoid any conflicts.

Please download Farbar Service Scanner

Please post its contents here, and a fresh FRST log, please.
28.06.2013, 19:34 | #7 |
| CPU usage very high

Hey, all done. Here are the results.

ADW-Cleaner

Code:
# AdwCleaner v2.303 - Logfile created 28/06/2013 at 19:54:58
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : NadineS - NADINES-PC
# Boot mode : Normal
# Running from : C:\Users\NadineS\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default\searchplugins\Askcom.xml
File Deleted : C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default\searchplugins\Search_Results.xml
Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Folder Deleted : C:\Program Files\Searchqu Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\NadineS\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\NadineS\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\NadineS\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default\Searchqutoolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (de)

File : C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.26] : keyword = "ask.com",
Deleted [l.30] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=F5[...]
Deleted [l.31] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.1308] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.1484] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[S1].txt - [4979 octets] - [28/06/2013 19:54:58]

########## EOF - C:\AdwCleaner[S1].txt - [5039 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by NadineS on 28.06.2013 at 20:06:29,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{765B06E3-D966-4956-8B8D-7BE9E6DECE19}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\NadineS\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\NadineS\appdata\locallow\datamngr"

~~~ FireFox

Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Emptied folder: C:\Users\NadineS\AppData\Roaming\mozilla\firefox\profiles\nlmm1se6.default\minidumps [178 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2013 at 20:11:15,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Farbar Service Scanner Version: 27-06-2013
Ran by NadineS (administrator) on 28-06-2013 at 20:20:46
Running from "C:\Users\NadineS\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-12 06:11] - [2013-05-08 06:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-12 06:11] - [2013-04-24 06:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013
Ran by NadineS (administrator) on 28-06-2013 20:22:41
Running from C:\Users\NadineS\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Realtek Semiconductor Corp.) C:\Users\NadineS\AppData\Local\Temp\RtkBtMnt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [793096 2008-04-01] (Dritek System Inc.)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [147456 2008-04-10] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [167936 2008-04-10] (CyberLink)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-04-18] (Acer Corp.)
HKLM\...\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\NadineS\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
S3 catchme; \??\C:\Users\NadineS\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-28 20:20 - 2013-06-28 20:20 - 00002537 ____A C:\Users\NadineS\Desktop\FSS.txt
2013-06-28 20:19 - 2013-06-28 20:19 - 00356397 ____A (Farbar) C:\Users\NadineS\Desktop\FSS.exe
2013-06-28 20:11 - 2013-06-28 20:11 - 00001192 ____A C:\Users\NadineS\Desktop\JRT.txt
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\JRT
2013-06-28 20:04 - 2013-06-28 20:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\NadineS\Desktop\JRT.exe
2013-06-28 20:01 - 2013-06-28 20:01 - 00005108 ____A C:\Users\NadineS\Desktop\AdwCleaner[S1].txt
2013-06-28 19:55 - 2013-06-28 19:55 - 00000150 ____A C:\Windows\DeleteOnReboot.bat
2013-06-28 19:54 - 2013-06-28 19:55 - 00005108 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:53 - 2013-06-28 19:53 - 00648201 ____A C:\Users\NadineS\Desktop\adwcleaner.exe
2013-06-28 14:08 - 2013-06-28 14:08 - 00010822 ____A C:\Users\NadineS\Desktop\Combofix.txt
2013-06-28 14:05 - 2013-06-28 14:05 - 00010822 ____A C:\ComboFix.txt
2013-06-28 13:44 - 2013-06-28 14:05 - 00000000 ____D C:\ComboFix
2013-06-28 13:44 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 13:44 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 13:44 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 13:43 - 2013-06-28 14:05 - 00000000 ___AD C:\Qoobox
2013-06-28 13:43 - 2013-06-28 14:03 - 00000000 ____D C:\Windows\erdnt
2013-06-28 13:41 - 2013-06-28 13:41 - 05083661 ____R (Swearware) C:\Users\NadineS\Desktop\ComboFix.exe
2013-06-28 07:30 - 2013-06-28 07:31 - 00017749 ____A C:\Users\NadineS\Desktop\Addition.txt
2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:45 - 2013-06-27 19:46 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:44 - 2013-06-27 19:45 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 01:14 - 2013-06-26 01:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:38 - 2013-06-22 16:40 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-13 03:26 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:26 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:26 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 03:26 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 03:26 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 03:26 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 03:26 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:26 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:25 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:25 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:25 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:25 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 06:11 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:11 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 06:11 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 06:11 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:11 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:11 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:11 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-28 20:20 - 2013-06-28 20:20 - 00002537 ____A C:\Users\NadineS\Desktop\FSS.txt
2013-06-28 20:20 - 2012-04-25 18:49 - 01440492 ____A C:\Windows\WindowsUpdate.log
2013-06-28 20:19 - 2013-06-28 20:19 - 00356397 ____A (Farbar) C:\Users\NadineS\Desktop\FSS.exe
2013-06-28 20:16 - 2012-04-25 19:19 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-06-28 20:16 - 2012-04-25 19:14 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 20:16 - 2012-04-25 18:58 - 00068081 ____A C:\ProgramData\nvModes.001
2013-06-28 20:16 - 2012-04-25 18:56 - 00068081 ____A C:\ProgramData\nvModes.dat
2013-06-28 20:16 - 2008-05-07 20:04 - 00000147 ____A C:\Windows\System32\agent.log
2013-06-28 20:16 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 20:16 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:16 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 20:15 - 2008-01-21 04:47 - 03598944 ____A C:\Windows\PFRO.log
2013-06-28 20:14 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-28 20:11 - 2013-06-28 20:11 - 00001192 ____A C:\Users\NadineS\Desktop\JRT.txt
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\JRT
2013-06-28 20:05 - 2006-11-02 12:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 20:04 - 2013-06-28 20:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\NadineS\Desktop\JRT.exe
2013-06-28 20:01 - 2013-06-28 20:01 - 00005108 ____A C:\Users\NadineS\Desktop\AdwCleaner[S1].txt
2013-06-28 19:55 - 2013-06-28 19:55 - 00000150 ____A C:\Windows\DeleteOnReboot.bat
2013-06-28 19:55 - 2013-06-28 19:54 - 00005108 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:53 - 2013-06-28 19:53 - 00648201 ____A C:\Users\NadineS\Desktop\adwcleaner.exe
2013-06-28 19:51 - 2012-04-25 19:14 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 14:16 - 2006-11-02 12:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-28 14:08 - 2013-06-28 14:08 - 00010822 ____A C:\Users\NadineS\Desktop\Combofix.txt
2013-06-28 14:05 - 2013-06-28 14:05 - 00010822 ____A C:\ComboFix.txt
2013-06-28 14:05 - 2013-06-28 13:44 - 00000000 ____D C:\ComboFix
2013-06-28 14:05 - 2013-06-28 13:43 - 00000000 ___AD C:\Qoobox
2013-06-28 14:05 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-28 14:05 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-28 14:03 - 2013-06-28 13:43 - 00000000 ____D C:\Windows\erdnt
2013-06-28 14:02 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-28 13:41 - 2013-06-28 13:41 - 05083661 ____R (Swearware) C:\Users\NadineS\Desktop\ComboFix.exe
2013-06-28 07:31 - 2013-06-28 07:30 - 00017749 ____A C:\Users\NadineS\Desktop\Addition.txt
2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 01:01 - 2013-03-19 04:37 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 01:01 - 2012-04-25 19:14 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-28 01:01 - 2012-04-25 19:13 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:46 - 2013-06-27 19:45 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:45 - 2013-06-27 19:44 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:44 - 2012-04-25 18:56 - 00000000 ____D C:\users\NadineS
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 18:56 - 2012-04-25 19:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 02:40 - 2012-04-25 20:28 - 00000000 ____D C:\Users\NadineS\AppData\Local\Adobe
2013-06-26 02:28 - 2013-05-17 22:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 02:28 - 2012-04-25 19:18 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 01:13 - 2013-06-26 01:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:13 - 2012-08-30 03:00 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-26 01:13 - 2012-08-30 03:00 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-26 01:08 - 2012-04-26 15:57 - 00000000 ____D C:\Users\NadineS\AppData\Roaming\vlc
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:40 - 2013-06-22 16:38 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-19 03:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 04:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:29 - 2008-05-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 03:03 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-28 20:22

==================== End Of Log ============================
|
29.06.2013, 08:53 | #8
/// the machine /// TB-Ausbilder | CPU usage very high

ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any more problems?

Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
29.06.2013, 23:44 | #9
CPU usage very high

Hi, here is the ESET log for now. The rest will follow later.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb144e0c163b8f449a61542d8c97c8ed
# engine=14206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 10:37:14
# local_time=2013-06-30 12:37:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 85 93 123692 149258906 0 0
# compatibility_mode=5892 16776574 100 100 122295 210078162 0 0
# scanned=144332
# found=0
# cleaned=0
# scan_time=7673

Code:
Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013
Ran by NadineS (administrator) on 30-06-2013 00:58:33
Running from C:\Users\NadineS\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor Corp.) C:\Users\NadineS\AppData\Local\Temp\RtkBtMnt.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(acer) C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [34040 2008-04-06] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-04-03] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [793096 2008-04-01] (Dritek System Inc.)
HKLM\...\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [544768 2008-03-07] (Acer Incorporated)
HKLM\...\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [147456 2008-04-10] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [167936 2008-04-10] (CyberLink)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [167936 2008-04-18] (Acer Corp.)
HKLM\...\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\NadineS\AppData\Roaming\Mozilla\Firefox\Profiles\nlmm1se6.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\NadineS\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components
FF HKLM\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Users\NadineS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-04-18] (Cyberlink Corp.)
S3 catchme; \??\C:\Users\NadineS\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-30 00:56 - 2013-06-30 00:56 - 00000839 ____A C:\Users\NadineS\Desktop\checkup.txt
2013-06-30 00:47 - 2013-06-30 00:48 - 00890988 ____A C:\Users\NadineS\Desktop\SecurityCheck.exe
2013-06-29 22:22 - 2013-06-29 22:22 - 02347384 ____A (ESET) C:\Users\NadineS\Desktop\esetsmartinstaller_enu.exe
2013-06-28 20:29 - 2013-06-28 20:29 - 00029604 ____A C:\Users\NadineS\Desktop\FRST1.txt
2013-06-28 20:20 - 2013-06-28 20:20 - 00002537 ____A C:\Users\NadineS\Desktop\FSS.txt
2013-06-28 20:19 - 2013-06-28 20:19 - 00356397 ____A (Farbar) C:\Users\NadineS\Desktop\FSS.exe
2013-06-28 20:11 - 2013-06-28 20:11 - 00001192 ____A C:\Users\NadineS\Desktop\JRT.txt
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\JRT
2013-06-28 20:04 - 2013-06-28 20:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\NadineS\Desktop\JRT.exe
2013-06-28 20:01 - 2013-06-28 20:01 - 00005108 ____A C:\Users\NadineS\Desktop\AdwCleaner[S1].txt
2013-06-28 19:55 - 2013-06-28 19:55 - 00000150 ____A C:\Windows\DeleteOnReboot.bat
2013-06-28 19:54 - 2013-06-28 19:55 - 00005108 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:53 - 2013-06-28 19:53 - 00648201 ____A C:\Users\NadineS\Desktop\adwcleaner.exe
2013-06-28 14:08 - 2013-06-28 14:08 - 00010822 ____A C:\Users\NadineS\Desktop\Combofix.txt
2013-06-28 14:05 - 2013-06-28 14:05 - 00010822 ____A C:\ComboFix.txt
2013-06-28 13:44 - 2013-06-28 14:05 - 00000000 ____D C:\ComboFix
2013-06-28 13:44 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-28 13:44 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-28 13:44 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-28 13:44 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-28 13:43 - 2013-06-28 14:05 - 00000000 ___AD C:\Qoobox
2013-06-28 13:43 - 2013-06-28 14:03 - 00000000 ____D C:\Windows\erdnt
2013-06-28 13:41 - 2013-06-28 13:41 - 05083661 ____R (Swearware) C:\Users\NadineS\Desktop\ComboFix.exe
2013-06-28 07:30 - 2013-06-28 07:31 - 00017749 ____A C:\Users\NadineS\Desktop\Addition.txt
2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:45 - 2013-06-27 19:46 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:44 - 2013-06-27 19:45 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-26 19:12 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 01:14 - 2013-06-26 01:13 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:38 - 2013-06-22 16:40 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-13 03:26 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:26 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:26 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 03:26 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:26 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 03:26 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 03:26 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 03:26 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 03:26 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 03:26 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 03:25 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 03:25 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 03:25 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 03:25 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 06:11 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 06:11 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 06:11 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 06:11 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 06:11 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 06:11 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 06:11 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 06:11 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-30 00:56 - 2013-06-30 00:56 - 00000839 ____A C:\Users\NadineS\Desktop\checkup.txt
2013-06-30 00:51 - 2012-04-25 19:14 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 00:48 - 2013-06-30 00:47 - 00890988 ____A C:\Users\NadineS\Desktop\SecurityCheck.exe
2013-06-30 00:02 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 00:02 - 2006-11-02 14:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-29 23:58 - 2012-04-25 18:49 - 01475201 ____A C:\Windows\WindowsUpdate.log
2013-06-29 22:26 - 2012-04-25 18:58 - 00068081 ____A C:\ProgramData\nvModes.001
2013-06-29 22:26 - 2012-04-25 18:56 - 00068081 ____A C:\ProgramData\nvModes.dat
2013-06-29 22:24 - 2006-11-02 12:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-29 22:22 - 2013-06-29 22:22 - 02347384 ____A (ESET) C:\Users\NadineS\Desktop\esetsmartinstaller_enu.exe
2013-06-29 22:02 - 2012-04-25 19:19 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2013-06-29 22:02 - 2012-04-25 19:14 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-29 22:02 - 2008-05-07 20:04 - 00000147 ____A C:\Windows\System32\agent.log
2013-06-29 22:02 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 22:01 - 2008-01-21 04:47 - 03599830 ____A C:\Windows\PFRO.log
2013-06-29 17:00 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-28 20:29 - 2013-06-28 20:29 - 00029604 ____A C:\Users\NadineS\Desktop\FRST1.txt
2013-06-28 20:20 - 2013-06-28 20:20 - 00002537 ____A C:\Users\NadineS\Desktop\FSS.txt
2013-06-28 20:19 - 2013-06-28 20:19 - 00356397 ____A (Farbar) C:\Users\NadineS\Desktop\FSS.exe
2013-06-28 20:11 - 2013-06-28 20:11 - 00001192 ____A C:\Users\NadineS\Desktop\JRT.txt
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-28 20:06 - 2013-06-28 20:06 - 00000000 ____D C:\JRT
2013-06-28 20:04 - 2013-06-28 20:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\NadineS\Desktop\JRT.exe
2013-06-28 20:01 - 2013-06-28 20:01 - 00005108 ____A C:\Users\NadineS\Desktop\AdwCleaner[S1].txt
2013-06-28 19:55 - 2013-06-28 19:55 - 00000150 ____A C:\Windows\DeleteOnReboot.bat
2013-06-28 19:55 - 2013-06-28 19:54 - 00005108 ____A C:\AdwCleaner[S1].txt
2013-06-28 19:53 - 2013-06-28 19:53 - 00648201 ____A C:\Users\NadineS\Desktop\adwcleaner.exe
2013-06-28 14:16 - 2006-11-02 12:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-28 14:08 - 2013-06-28 14:08 - 00010822 ____A C:\Users\NadineS\Desktop\Combofix.txt
2013-06-28 14:05 - 2013-06-28 14:05 - 00010822 ____A C:\ComboFix.txt
2013-06-28 14:05 - 2013-06-28 13:44 - 00000000 ____D C:\ComboFix
2013-06-28 14:05 - 2013-06-28 13:43 - 00000000 ___AD C:\Qoobox
2013-06-28 14:05 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-06-28 14:05 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-06-28 14:03 - 2013-06-28 13:43 - 00000000 ____D C:\Windows\erdnt
2013-06-28 14:02 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-06-28 13:41 - 2013-06-28 13:41 - 05083661 ____R (Swearware) C:\Users\NadineS\Desktop\ComboFix.exe
2013-06-28 07:31 - 2013-06-28 07:30 - 00017749 ____A C:\Users\NadineS\Desktop\Addition.txt
2013-06-28 07:28 - 2013-06-28 07:28 - 00000000 ____D C:\FRST
2013-06-28 07:26 - 2013-06-28 07:26 - 01371463 ____A (Farbar) C:\Users\NadineS\Desktop\FRST.exe
2013-06-28 01:01 - 2013-06-28 01:01 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 01:01 - 2013-06-26 19:12 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 01:01 - 2013-03-19 04:37 - 00175176 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-28 01:01 - 2012-04-25 19:14 - 00369584 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-28 01:01 - 2012-04-25 19:13 - 00770344 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 20:56 - 2013-06-27 20:56 - 00162289 ____A C:\Users\NadineS\Desktop\gmer.log
2013-06-27 20:10 - 2013-06-27 20:10 - 00377856 ____A C:\Users\NadineS\Desktop\gmer_2.1.19163.exe
2013-06-27 20:07 - 2013-06-27 20:07 - 00041386 ____A C:\Users\NadineS\Desktop\Extras.Txt
2013-06-27 20:02 - 2013-06-27 20:02 - 00072816 ____A C:\Users\NadineS\Desktop\OTL.Txt
2013-06-27 19:46 - 2013-06-27 19:45 - 00602112 ____A (OldTimer Tools) C:\Users\NadineS\Desktop\OTL.exe
2013-06-27 19:45 - 2013-06-27 19:44 - 00000476 ____A C:\Users\NadineS\Desktop\defogger_disable.log
2013-06-27 19:44 - 2013-06-27 19:44 - 00000000 ____A C:\Users\NadineS\defogger_reenable
2013-06-27 19:44 - 2012-04-25 18:56 - 00000000 ____D C:\users\NadineS
2013-06-27 19:43 - 2013-06-27 19:43 - 00050477 ____A C:\Users\NadineS\Desktop\Defogger.exe
2013-06-26 18:56 - 2012-04-25 19:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 02:40 - 2013-06-26 02:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 02:40 - 2013-06-26 02:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 02:40 - 2012-04-25 20:28 - 00000000 ____D C:\Users\NadineS\AppData\Local\Adobe
2013-06-26 02:28 - 2013-05-17 22:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 02:28 - 2012-04-25 19:18 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-26 01:13 - 2013-06-26 01:14 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-26 01:13 - 2013-06-26 01:13 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-26 01:13 - 2013-06-26 01:13 - 00000000 ____D C:\Program Files\Java
2013-06-26 01:13 - 2012-08-30 03:00 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-26 01:13 - 2012-08-30 03:00 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-26 01:08 - 2012-04-26 15:57 - 00000000 ____D C:\Users\NadineS\AppData\Roaming\vlc
2013-06-26 01:07 - 2013-06-26 01:07 - 00000863 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-22 16:40 - 2013-06-22 16:38 - 00000000 ____D C:\Users\NadineS\Desktop\Stick
2013-06-19 03:15 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 04:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 03:29 - 2008-05-07 19:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 03:03 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-29 22:08

==================== End Of Log ============================

The load has already improved, but in combination with the Adobe Flash Player it still goes very high, up to 98%, and then drops back a little. Sorry for the second post, it somehow wouldn't let me edit the first one any more, and thanks again very much for your help. I think what you do here is really great.

Edited by Nana86 (30.06.2013, 00:05)
</gr_repl>
<gr_insert after="109" cat="add_content" lang="python" orig="C:\Windows\System32\services.exe">
The helper reads an FRST log like the one above by scanning a few line types for the same handful of signals every time: autorun, service and driver entries whose target FRST marks as missing (`[x]`, `No File`), binaries running from user-writable directories such as `\AppData\Local\Temp`, entries with an empty publisher field `()`, and anything FRST itself lists under "Files to move or delete". The script below is an added example of that triage and is not FRST's own code nor code posted by anyone in this thread. `SAMPLE` is constructed from lines excerpted from the FRST log above; the `USER_WRITABLE` heuristic, the section handling and the reason strings are this example's own choices, not FRST terminology.

```python
"""Triage the line types in a Farbar Recovery Scan Tool (FRST) log that a
helper reads first.  Added example: not FRST's code, not a poster's code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines excerpted from the FRST log in the post above.
SAMPLE = r"""
==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Realtek Semiconductor Corp.) C:\Users\NadineS\AppData\Local\Temp\RtkBtMnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-03-21] (Acer, Inc.)
S3 catchme; \??\C:\Users\NadineS\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")          # "==== Name ===="
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(r"^HK.*?\\Run(?:Once)?: \[[^\]]+\]\s+(?P<rest>.+)$")
SVC_RE = re.compile(r"^[RSU]\d [^;]+; (?P<rest>.+)$")              # services and drivers
BROWSER_RE = re.compile(r"^(?:Toolbar|BHO): (?P<rest>.+)$")
# FRST trailer on autoruns/services/drivers: "<target> [<size> <date>] (<vendor>)" or "<target> [x]"
TRAIL_RE = re.compile(r"^(?P<target>.*?)\s*\[(?P<info>[^\]]*)\](?:\s*\((?P<vendor>[^)]*)\))?\s*$")
# Heuristic (this example's own): locations a standard user can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I)


@dataclass
class Finding:
    section: str
    line: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _path_of(target: str) -> str:
    """Best-effort binary path from an autorun target: "quoted path" args, plain path, or \\??\\ driver path."""
    target = target.strip()
    if target.startswith('"'):
        target = target[1:].split('"', 1)[0]
    if target.startswith("\\??\\"):
        target = target[4:]
    return target


def _check(section: str, line: str, path: str, missing: bool, vendor: Optional[str]) -> Optional[Finding]:
    reasons = []
    if missing:
        reasons.append("target file not found ([x] / No File)")
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable location")
    if vendor == "":  # FRST prints "()" when the file carries no publisher; common for OEM tools, so informational
        reasons.append("no publisher in version info")
    return Finding(section, line, path, reasons) if reasons else None


def triage(text: str) -> List[Finding]:
    """Walk an FRST log and return the entries worth a second look, in log order."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            continue
        if line == "Files to move or delete:":
            section = "Files to move or delete"
            continue
        if section == "Files to move or delete":
            if not line.startswith("="):
                findings.append(Finding(section, line, line, ["listed by FRST for removal"]))
            continue
        if section.startswith("Processes") and (m := PROC_RE.match(line)):
            f = _check(section, line, m["path"], False, m["vendor"])
        elif (m := RUN_RE.match(line) or SVC_RE.match(line)) and (t := TRAIL_RE.match(m["rest"])):
            f = _check(section, line, _path_of(t["target"]), t["info"] == "x", t["vendor"])
        elif (m := BROWSER_RE.match(line)):
            f = _check(section, line, m["rest"], m["rest"].endswith("No File"), None)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.path}\n    " + "; ".join(f.reasons))
```

On the sample this reports seven entries: the two binaries with an empty publisher or a `\Temp\` path in the process list, the orphaned `RtHDVCpl` run key and `No Name` toolbar, `catchme.sys` (both missing and under `\Temp\`, which is what a leftover GMER/ComboFix helper driver looks like), the missing `IpInIp` driver, and `nvModes.dat`. Everything it flags still needs a human decision; the point is only to surface the same lines a helper would circle by hand. To run it on a real log, pass `open("FRST.txt", encoding=...).read()` to `triage()`.
<test>
fs = triage(SAMPLE)
assert len(fs) == 7
assert [f.reasons for f in fs if "RtkBtMnt" in f.line] == [["runs from a user-writable location"]]
assert [f.reasons for f in fs if "ETService" in f.line] == [["no publisher in version info"]]
assert [f.reasons for f in fs if "RtHDVCpl" in f.line] == [["target file not found ([x] / No File)"]]
assert [f.reasons for f in fs if "0BF43445" in f.line] == [["target file not found ([x] / No File)"]]
assert [f.reasons for f in fs if "catchme" in f.line] == [["target file not found ([x] / No File)", "runs from a user-writable location"]]
assert [f.path for f in fs if "catchme" in f.line] == [r"C:\Users\NadineS\AppData\Local\Temp\catchme.sys"]
assert [f.reasons for f in fs if "IpInIp" in f.line] == [["target file not found ([x] / No File)"]]
assert [(f.section, f.path) for f in fs if "nvModes" in f.line] == [("Files to move or delete", r"C:\ProgramData\nvModes.dat")]
assert not any(k in f.line for f in fs for k in ("nvvsvc", "SynTPEnh", "avastUI", "aswWebRepIE", "int15", "explorer.exe"))
assert _path_of('"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui') == "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe"
</test>
</gr_insert>
<gr_replace lines="110-111" cat="clarify" orig="30.06.2013, 07:23 | #10 |">
30.06.2013, 07:23 | #10
/// the machine /// TB-Ausbilder | CPU usage very high

Please update Adobe Reader, and uninstall and reinstall Flash Player. Then test again.
30.06.2013, 07:23 | #10 |
/// the machine /// TB-Ausbilder | CPU usage very high Please update Adobe Reader, then uninstall Flash Player and reinstall it. Test again.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
30.06.2013, 09:09 | #11 |
| CPU usage very high Hey, I uninstalled both and then reinstalled them. With the Reader it told me that I already had the newest version installed, and it still does that now, but under the add-ons I'm shown that I have an outdated version. No idea what that's about. In any case I can't get rid of it. The load still goes up to 90-98% when it's loading something; once it has loaded, it's at about 60% on average. Also, after the reinstallations my Avast said 12 times when I opened the browser that a threat had been found, on various websites, including this one. It says "bösartige Website blockiert" (malicious website blocked); it just did it again.

Edit: The Avast window says: "Bösartige Website Blockiert avast! Netzwerk-Schutz hat eine schädliche Website oder Datei blockiert. Objekt:hxxp://www.googletagservices.com/tag/js/gpt/js Infektion: URL:Mal Prozess: C:/Program Files/Mozilla Firefox/firefox.exe" Sometimes Objekt only shows hxxp://

Okay. Sometimes I'm a bit dumb. The problem with Avast has gone away after an update of Adobe Reader. It is still not the latest version, though. The other problems still exist as well.

Last edited by Nana86 (30.06.2013 at 09:23) |
30.06.2013, 13:59 | #12 |
/// the machine /// TB-Ausbilder | CPU usage very high Hi, please uninstall Avast and test again. Before that, do this: Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will require a restart. Please allow this.
30.06.2013, 14:24 | #13 |
| CPU usage very high I ran TFC. Then I had to restart the computer. Unfortunately I don't quite understand the other instruction. Should I uninstall Avast and then reinstall it? And what exactly am I supposed to test then? It doesn't give me the threat message any more now. Help, I'm confused |
30.06.2013, 14:29 | #14 |
/// the machine /// TB-Ausbilder | CPU usage very high Uninstall Avast; an AV program is often responsible for driving the load up. Test Flash without an AV program.
30.06.2013, 14:45 | #15 |
| CPU usage very high Okay, thank you, I've done that. The load has gone up again now and is between 80 and 100%. I'm putting Avast back on now. |