Pests of all kinds and how to fight them: Computer very slow when booting (Windows 7) |
28.06.2013, 17:35 | #1 |
| Computer very slow when booting Hello, for a short while now my computer has been very slow when booting. I also get the message "Server ausgelastet" (server busy) as well as: host attempts, error, please contact Uniblue. CPU usage is very high, as is memory usage. Thanks for the help |
28.06.2013, 18:25 | #2 |
/// the machine /// TB-Ausbilder | Computer very slow when booting hi,
System scan with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties) |
28.06.2013, 19:40 | #3 |
| Computer very slow when booting FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013 Ran by sweety (administrator) on 28-06-2013 20:33:37 Running from C:\Users\sweety\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ODSoft multimedia) C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Program Files\Launch Manager\LaunchAp.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe () C:\Program Files\Launch Manager\WButton.exe (Microsoft Corporation) D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Secure Banking) C:\Program Files\Secure Banking\SecureBanking.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe () C:\Program Files\Secure Banking\sbservice.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-02-15] (Synaptics, Inc.) 
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe [790016 2007-05-08] (ODSoft multimedia) HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-11-15] (Intel Corporation) HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2005-07-25] () HKLM\...\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" [192512 2006-12-14] (Wistron) HKLM\...\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" [180224 2006-12-26] (Wistron Corp.) HKLM\...\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" [86016 2006-11-09] () HKLM\...\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe" [x] HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [111936 2008-09-03] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe [x] HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-05-09] (RealNetworks, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [143360 2006-12-23] (Nero AG) HKCU\...\Run: [SecureBanking] C:\Program Files\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking) HKCU\...\Policies\system: [DisableRegistryTools] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.f95.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU SearchScopes: DefaultScope {4C7024D6-8A52-4D28-864E-F6BEABB1B52D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286379&CUI=UN24760459542724030&UM=2 SearchScopes: HKCU - {4C7024D6-8A52-4D28-864E-F6BEABB1B52D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286379&CUI=UN24760459542724030&UM=2 BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-16] (SuperAdBlocker.com) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\20qd0ckc.default FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\sweety\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\20qd0ckc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF 
HKLM\...\Mozilla Firefox 21.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components FF Extension: No Name - C:\Program Files\Mozilla Firefox\components FF HKLM\...\Mozilla Firefox 21.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins FF Extension: No Name - C:\Program Files\Mozilla Firefox\plugins FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\sweety\AppData\Roaming\5025 FF Extension: <?xml version="1.0"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:id>{184AA5E6-741D-464a-820E-94B3ABC2F3B4}</em:id> <em:name>Java String Helper</em:name> <em:version>1.0</em:version> <em:type>2</em:type> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>1.7</em:minVersion> <em:maxVersion>*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Users\sweety\AppData\Roaming\5025 FF HKCU\...\Mozilla Firefox 21.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components FF Extension: No Name - C:\Program Files\Mozilla Firefox\components FF HKCU\...\Mozilla Firefox 21.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins FF Extension: No Name - C:\Program Files\Mozilla Firefox\plugins Chrome: ======= CHR Extension: (YouTube) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\sweety\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-22] (SUPERAntiSpyware.com) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG) S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1600512 2007-05-04] (Buhl Data Service GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-07-26] () R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] () R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [16024 2006-11-22] (InterVideo, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] () S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-27] (MCCI Corporation) S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-27] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 mailKmd; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 ____D C:\FRST 2013-06-28 20:31 - 2013-06-28 
20:31 - 01371463 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-06-23 11:49 - 2013-06-28 18:23 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_sweety.job 2013-06-23 11:49 - 2013-06-23 14:51 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_sweety.job 2013-06-23 11:49 - 2013-06-23 14:51 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_sweety.job 2013-06-22 07:27 - 2013-06-22 08:10 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:27 - 2013-06-22 07:30 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:25 - 2013-06-22 07:27 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-28 18:23 - 00000270 ____A C:\Windows\Tasks\DriverScanner.job 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-13 21:04 - 2013-06-13 21:05 - 00001673 ____A C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:00 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 20:00 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 20:00 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 20:00 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 20:00 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-12 20:00 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00717824 ____A (Microsoft 
Corporation) C:\Windows\System32\jscript.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-12 20:00 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-12 20:00 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 20:00 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 20:00 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 21:22 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 21:21 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 21:21 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-11 21:21 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-11 21:21 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 21:21 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-11 21:20 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) 
C:\Windows\System32\cryptdlg.dll ==================== One Month Modified Files and Folders ======== 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 ____D C:\FRST 2013-06-28 20:31 - 2013-06-28 20:31 - 01371463 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-06-28 20:28 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-28 20:28 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-28 19:47 - 2012-04-09 19:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-28 18:55 - 2011-08-07 19:33 - 01777926 ____A C:\Windows\WindowsUpdate.log 2013-06-28 18:23 - 2013-06-23 11:49 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_sweety.job 2013-06-28 18:23 - 2013-06-22 07:04 - 00000270 ____A C:\Windows\Tasks\DriverScanner.job 2013-06-28 18:19 - 2013-05-09 07:31 - 00000330 ____A C:\Windows\Tasks\dsmonitor.job 2013-06-28 18:17 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-23 14:57 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-23 14:51 - 2013-06-23 11:49 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_sweety.job 2013-06-23 14:51 - 2013-06-23 11:49 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_sweety.job 2013-06-22 08:10 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:30 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:27 - 2013-06-22 07:25 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-14 19:05 - 2013-05-20 09:37 - 00000000 ____D C:\Users\sweety\AppData\Roaming\vlc 2013-06-13 21:05 - 2013-06-13 21:04 - 00001673 ____A 
C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-12 20:24 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 20:05 - 2007-06-20 14:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 19:47 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-11 21:47 - 2012-04-09 19:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-11 21:47 - 2011-06-25 23:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-01 07:23 - 2011-01-17 20:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-28 18:35 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-06-2013 Ran by sweety at 2013-06-28 20:38:54 Running from C:\Users\sweety\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer (Version: 1.0.0) 7-Zip 4.57 Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) AIO_CDA_ProductContext (Version: 82.0.233.000) AIO_CDA_Software (Version: 82.0.233.000) AIO_Scan (Version: 82.0.173.000) Amazon MP3-Downloader 1.0.9 Apple Application Support (Version: 2.3) Apple Mobile Device Support (Version: 3.4.1.2) Apple Software Update (Version: 2.1.3.127) Avira Free Antivirus (Version: 13.0.0.3640) AVS Update Manager 1.0 Bonjour (Version: 2.0.5.0) BrettspielWelt BufferChm (Version: 82.0.173.000) C4100 (Version: 82.0.233.000) c4100_Help (Version: 82.0.233.000) ClearProg 1.5.0 Final (Version: 1.5.0 Final) CustomerResearchQFolder (Version: 1.00.0000) Debut Video Capture Software DivX Converter (Version: 7.1.0) DivX Plus DirectShow Filters DivX Version Checker (Version: 7.1.0.9) DivX-Setup (Version: 2.6.1.41) DriverScanner (Version: 4.0.10.0) Fax (Version: 82.0.188.000) Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (Version: 2.0.0.1) HiJackThis (Version: 1.0.0) HP Customer Participation Program 8.0 (Version: 8.0) HP Driver Diagnostics (Version: 1.02.0010) HP Photosmart.All-In-One Driver Software 8.0 .A (Version: 8.0) HP Update (Version: 5.002.001.004) Intel(R) Graphics Media Accelerator Driver Intel(R) Matrix Storage Manager InterVideo MediaOne Gallery InterVideo WinDVD 8 (Version: 8.0-B6.195) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Launch Manager V1.3.9 (Version: 1.3.9) LetsTrade Komponenten LightScribe 1.4.124.1 (Version: 1.4.124.1) Malwarebytes 
Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MarketResearch (Version: 82.0.174.000) MEDIONbox (Version: 1.09.0000.00050) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 
12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 08.05.0822) Microsoft XML Parser (Version: 8.0.7820.0) Microsoft XML Parser (Version: 8.20.8730.4) Motorola SM56 Data Fax Modem Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 7 Essentials (Version: 7.02.5182) Octoshape Streaming Services OutlookAddInNet3Setup (Version: 1.0.0) Pando Media Booster (Version: 2.6.0.2) Prism Video File Converter QuickTime (Version: 7.73.80.64) RealDownloader (Version: 1.3.1) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0) RealPlayer (Version: 16.0.0) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5374) REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0006 Driver:6.1095.705.2007) RealUpgrade 1.1 (Version: 1.1.0) 
Red Light Center 3D Client (Version: 1.9.3857) Ripened Peach Sex Sim (Version: 1.5) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.850.0) Scan (Version: 8.1.0.0) Sceneo AbsolutTV SecondLifeViewer (remove only) Secunia PSI (2.0.0.3001) Secure Banking Version 1.5.1 (Version: 1.5.1) ShotOnline (Version: 1.0) SUPERAntiSpyware (Version: 4.48.1000) Suyin Live Camera (Version: 1.0.0.3) SUYIN webcam (Version: 1.0.1) Synaptics Pointing Device Driver (Version: 9.1.17.0) Systemsteuerung "MobileMe" (Version: 2.1.0.24) Toolbox (Version: 82.0.173.000) TVsweeper (Version: 3.0.2) Ulead PhotoImpact 12 (Version: 12.0) Ulead VideoStudio SE DVD (Version: 10.0) Unity Web Player (HKCU Version: ) UnloadSupport (Version: 1.00.0000) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Utherverse VWW Client (Version: 1.9.3857) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VideoPad Video Editor VirtualDJ Home FREE (Version: 
7.0.5) Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1) VLC media player 2.0.6 (Version: 2.0.6) WebReg (Version: 82.0.173.000) Winamp (Version: 5.621 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Xvid Video Codec (Version: 1.3.2) ==================== Restore Points ========================= 28-06-2013 16:21:50 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {07170F2F-E5B3-4268-917D-D8BE1A96D117} - System32\Tasks\User_Feed_Synchronization-{994A59FF-96F8-418D-861F-05EAAA5D9DF7} => C:\Windows\system32\msfeedssync.exe [2011-05-28] (Microsoft Corporation) Task: {112BCC17-64EA-4E46-9576-F6B561727042} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2373751C-BB07-440C-B467-2ACA02E08947} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {2987AF5F-28AB-4B7C-B36D-49DCB8B88D46} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation) Task: {34CEFACA-3F07-4EEF-BFCD-8B8A43F3CBB0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.) 
Task: {3BA444DD-800E-4B0B-B59C-E3F3D4D2E3BA} - System32\Tasks\RNUpgradeHelperLogonPrompt_sweety => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23] (RealNetworks, Inc.) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3E424977-7196-445E-86F1-8C715D13D457} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe No File Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {4518AEB0-168E-41C1-A195-85F381DE35ED} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd) Task: {4EB85BE6-DA7A-4D64-8E7E-BF88C9CFF420} - System32\Tasks\Microsoft\Windows\RestartManager\{344665FA-EE14-4e00-B038-CEFEC765E27D} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {5033E61B-BCA3-43F6-8E49-BC85EF6E1152} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.) Task: {56846398-7CA8-469F-9EC7-893BEE129E98} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files\NCH Software\Debut\Debut.exe [2012-07-01] (NCH Software) Task: {6D6EDF3C-28FE-40DF-BED0-B9066D6DC8EA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {7EC15B9D-799A-43C5-8DFB-09887A168961} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.) 
Task: {8095DBCF-F4DE-45E1-87EC-62135FDC274A} - System32\Tasks\ReclaimerUpdateXML_sweety => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23] (RealNetworks, Inc.) Task: {93285806-0492-491B-A6B6-8A4E632B66B5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4191780963-2002099150-675310161-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {936A0FAA-B39A-4B53-A409-19963F751414} - System32\Tasks\Test TimeTrigger => C:\Users\sweety\AppData\Local\Temp\Runner.exe No File Task: {94D359CB-653A-4F05-BA9D-0085AEE96D33} - System32\Tasks\RNUpgradeHelperResumePrompt_sweety => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23] (RealNetworks, Inc.) Task: {9E7F963E-DFA2-48F1-919A-3B094A7671E9} - System32\Tasks\ReclaimerUpdateFiles_sweety => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-23] (RealNetworks, Inc.) 
Task: {A18807DB-C6F6-47CC-9CB5-38034B03D0A8} - System32\Tasks\QUAD => C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe No File Task: {A5BBEDA2-E01A-46FA-BC78-050570CEC6D3} - System32\Tasks\RunAsStdUser Task => C:\Users\sweety\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSA.exe No File Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation) Task: {BFEAFD3F-BA04-49C5-9245-7A371D651481} - System32\Tasks\DriverScanner => C:\Program Files\Uniblue\DriverScanner\driverscanner.exe [2013-01-16] (Uniblue Systems Ltd) Task: {CAFB64E0-51C8-474E-8775-A86E617963C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {D76161CB-17E6-4513-BAEE-D9AD60C08B01} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {DCA5C52A-0593-407A-A7EA-362D093CA167} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files\NCH Software\VideoPad\VideoPad.exe [2012-07-01] (NCH Software) Task: {E127EE87-C86C-4C35-86D4-58F0E09DF39D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation) Task: {E41997B4-7A30-4DCA-8C70-EDA95A3D8A29} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E7277458-AAC1-4A56-9418-4B54F9AD2F77} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files\NCH Software\Prism\Prism.exe [2012-07-01] (NCH Software) Task: {F0E54844-CED4-42C3-AC9F-618A458E84DA} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.) Task: {F13F33F0-8C19-4A1F-9662-B3A9EE767D6D} - System32\Tasks\Java Update Scheduler => C:\Program Files\Java\jre6\bin\jusched.exe No File Task: {FF55B865-F243-4AA9-B49E-23E6383CF1C6} - System32\Tasks\Real Networks Scheduler => C:\Program Files\Common Files\Real\Update_OB\realsched.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files\Uniblue\DriverScanner\driverscanner.exe Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_sweety.job => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_sweety.job => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_sweety.job => C:\Users\sweety\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/28/2013 08:30:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (06/28/2013 06:26:38 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error: (06/28/2013 06:26:17 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren. Error: (06/23/2013 02:13:35 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung TFC.exe, Version 3.1.9.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000005, Fehleroffset 0x00004669, Prozess-ID 0x1770, Anwendungsstartzeit TFC.exe0. Error: (06/23/2013 09:00:45 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error: (06/23/2013 09:00:24 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. 
Windows Installer kann nicht fortfahren. Error: (06/22/2013 05:20:06 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\SWEETY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2013 05:20:06 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\SWEETY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2013 05:20:05 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\SWEETY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (06/22/2013 05:20:05 PM) (Source: Windows Search Service) (User: ) Description: Eintrag <C:\USERS\SWEETY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Error: (06/28/2013 06:32:49 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "TV-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E2538822-8FA8-4FB7-BABD-7A7E81D14206-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (06/28/2013 06:27:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202 Error: (06/28/2013 06:19:04 PM) (Source: Service Control Manager) (User: ) Description: mailKmd Error: (06/23/2013 02:57:24 PM) (Source: Service Control Manager) (User: ) Description: mailKmd Error: (06/23/2013 02:52:34 PM) (Source: Service Control Manager) (User: ) Description: mailKmd Error: (06/23/2013 09:14:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202 Error: (06/23/2013 08:46:37 AM) (Source: Service Control Manager) (User: ) Description: mailKmd Error: (06/22/2013 05:58:07 PM) (Source: Service Control Manager) (User: ) Description: mailKmd Error: (06/22/2013 00:11:23 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (06/22/2013 07:12:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-06-10 20:22:36.803 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:35.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:35.165 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:34.432 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-06-10 20:22:33.683 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:32.966 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:31.858 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:31.125 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:30.376 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-10 20:22:29.627 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 2037.45 MB
Available physical RAM: 387.17 MB
Total Pagefile: 4312.17 MB
Available Pagefile: 1951.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.3 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:60.63 GB) (Free:1.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:29.18 GB) (Free:26.53 GB) NTFS
Drive e: (MULTIMEDIA) (Fixed) (Total:29.19 GB) (Free:1.04 GB) NTFS
Drive g: (USB-HDD) (Fixed) (Total:298.02 GB) (Free:82.91 GB) FAT32
Drive r: (RECOVER) (Fixed) (Total:30.04 GB) (Free:20.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 74BEA0E1)
Partition 1: (Active) - (Size=61 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=30 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: A2C2ADF9)
Partition 1: (Not Active) - (Size=298 GB) - (Type=0C)

==================== End Of Log ============================ |
29.06.2013, 08:49 | #4 |
/// the machine /// TB-Ausbilder | Computer very slow at boot Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.06.2013, 09:44 | #5 |
| Computer very slow at boot AdwCleaner Logfile: Code:
# AdwCleaner v2.303 - Datei am 29/06/2013 um 10:21:13 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : sweety - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\sweety\Contacts\Links\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\20qd0ckc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1611 octets] - [13/06/2013 21:04:16]
AdwCleaner[S1].txt - [1673 octets] - [13/06/2013 21:04:57]
AdwCleaner[S2].txt - [1184 octets] - [29/06/2013 10:21:13]

########## EOF - C:\AdwCleaner[S2].txt - [1244 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by sweety on 29.06.2013 at 10:46:03,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C7024D6-8A52-4D28-864E-F6BEABB1B52D}

~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverscanner.job"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\sweety\appdata\locallow\imvu_inc"
Successfully deleted: [Folder] "C:\Program Files\icqtoolbar"

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Emptied folder: C:\Users\sweety\AppData\Roaming\mozilla\firefox\profiles\20qd0ckc.default\minidumps [10 files]
Emptied folder: C:\Users\sweety\AppData\Roaming\mozilla\firefox\profiles\wbpr6jl1.default-1340989836190\minidumps [23 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2013 at 10:48:15,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2013 Ran by sweety (administrator) on 29-06-2013 10:58:53 Running from C:\Users\sweety\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Motorola Inc.) 
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ODSoft multimedia) C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Program Files\Launch Manager\LaunchAp.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe () C:\Program Files\Launch Manager\WButton.exe (Microsoft Corporation) D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Secure Banking) C:\Program Files\Secure Banking\SecureBanking.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe () C:\Program Files\Secure Banking\sbservice.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) 
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-02-15] (Synaptics, Inc.) HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe [790016 2007-05-08] (ODSoft multimedia) HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-11-15] (Intel Corporation) HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2005-07-25] () HKLM\...\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" [192512 2006-12-14] (Wistron) HKLM\...\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" [180224 2006-12-26] (Wistron Corp.) HKLM\...\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" [86016 2006-11-09] () HKLM\...\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe" [x] HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [111936 2008-09-03] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe [x] HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-05-09] (RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [143360 2006-12-23] (Nero AG) HKCU\...\Run: [SecureBanking] C:\Program Files\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f95.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - 
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-16] (SuperAdBlocker.com) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\20qd0ckc.default FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\sweety\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\20qd0ckc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] 
C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 Chrome: ======= CHR Extension: (YouTube) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-22] (SUPERAntiSpyware.com) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. 
KG) S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1600512 2007-05-04] (Buhl Data Service GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-07-26] () R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] () R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [16024 2006-11-22] (InterVideo, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] () S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-27] (MCCI Corporation) S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-27] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 mailKmd; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-06-29 10:48 - 2013-06-29 10:48 - 00001384 ____A C:\Users\sweety\Desktop\JRT.txt 2013-06-29 10:45 - 2013-06-29 10:45 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\sweety\Desktop\JRT.exe 2013-06-29 10:45 - 2013-06-29 10:45 - 00000000 ____D C:\JRT 2013-06-29 10:21 - 2013-06-29 10:22 - 00001313 ____A C:\AdwCleaner[S2].txt 2013-06-28 20:35 - 2013-06-28 20:40 - 00026763 ____A C:\Users\sweety\Desktop\Addition.txt 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 ____D C:\FRST 2013-06-23 11:49 - 2013-06-29 10:52 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_sweety.job 2013-06-23 11:49 - 2013-06-29 10:38 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_sweety.job 2013-06-23 11:49 - 2013-06-23 14:51 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_sweety.job 2013-06-22 07:27 - 2013-06-22 08:10 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:27 - 2013-06-22 07:30 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:25 - 2013-06-22 07:27 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-13 21:04 - 2013-06-13 21:05 - 00001673 ____A C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:00 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 20:00 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 20:00 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 20:00 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 20:00 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) 
C:\Windows\System32\url.dll 2013-06-12 20:00 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-12 20:00 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-12 20:00 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 20:00 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 20:00 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 21:22 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 21:21 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 21:21 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-11 21:21 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-11 21:21 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) 
C:\Windows\System32\win32spl.dll 2013-06-11 21:21 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-11 21:20 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll ==================== One Month Modified Files and Folders ======== 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-06-29 10:52 - 2013-06-23 11:49 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_sweety.job 2013-06-29 10:48 - 2013-06-29 10:48 - 00001384 ____A C:\Users\sweety\Desktop\JRT.txt 2013-06-29 10:47 - 2012-04-09 19:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-29 10:46 - 2013-05-09 07:31 - 00000330 ____A C:\Windows\Tasks\dsmonitor.job 2013-06-29 10:45 - 2013-06-29 10:45 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\sweety\Desktop\JRT.exe 2013-06-29 10:45 - 2013-06-29 10:45 - 00000000 ____D C:\JRT 2013-06-29 10:45 - 2013-05-12 15:53 - 00000000 ____D C:\Windows\ERUNT 2013-06-29 10:38 - 2013-06-23 11:49 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_sweety.job 2013-06-29 10:28 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-29 10:28 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-29 10:28 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-29 10:27 - 2011-08-07 19:33 - 01845784 ____A C:\Windows\WindowsUpdate.log 2013-06-29 10:27 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-29 10:22 - 2013-06-29 10:21 - 00001313 ____A C:\AdwCleaner[S2].txt 2013-06-28 20:40 - 2013-06-28 20:35 - 00026763 ____A C:\Users\sweety\Desktop\Addition.txt 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 
____D C:\FRST 2013-06-23 14:51 - 2013-06-23 11:49 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_sweety.job 2013-06-22 08:10 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:30 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:27 - 2013-06-22 07:25 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-14 19:05 - 2013-05-20 09:37 - 00000000 ____D C:\Users\sweety\AppData\Roaming\vlc 2013-06-13 21:05 - 2013-06-13 21:04 - 00001673 ____A C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-12 20:24 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 20:05 - 2007-06-20 14:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 19:47 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-11 21:47 - 2012-04-09 19:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-11 21:47 - 2011-06-25 23:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-01 07:23 - 2011-01-17 20:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-29 10:43 ==================== End Of Log 
============================ --- --- --- |
29.06.2013, 11:37 | #6 |
/// the machine /// TB-Ausbilder | Computer very slow at startup Great. Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Computer very slow at startup |
06.07.2013, 05:55 | #7 |
| Computer very slow at startup
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=29799d2fdfdf8f4d9790386e45c67ef6
# engine=14212
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 09:34:59
# local_time=2013-06-30 11:34:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 23395 238047789 16098 0
# compatibility_mode=5892 16776574 100 100 180870 210160827 0 0
# scanned=199509
# found=0
# cleaned=0
# scan_time=21475
Code:
ATTFilter
Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.3001)
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by sweety (administrator) on 06-07-2013 07:35:27 Running from C:\Users\sweety\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files\Secunia\PSI\PSIA.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ODSoft multimedia) C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe () C:\Program Files\Launch Manager\LaunchAp.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe () C:\Program Files\Launch Manager\WButton.exe (Microsoft Corporation) D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Secure Banking) C:\Program Files\Secure Banking\SecureBanking.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe () C:\Program Files\Secure Banking\sbservice.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) c:\program files\real\realplayer\RealPlay.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2006-11-22] (Motorola Inc.) HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-02-15] (Synaptics, Inc.) HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG) HKLM\...\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe [790016 2007-05-08] (ODSoft multimedia) HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-11-15] (Intel Corporation) HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2005-07-25] () HKLM\...\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" [192512 2006-12-14] (Wistron) HKLM\...\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" [180224 2006-12-26] (Wistron Corp.) 
HKLM\...\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" [86016 2006-11-09] () HKLM\...\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe" [x] HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation) HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [111936 2008-09-03] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-06] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe [x] HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295512 2013-05-09] (RealNetworks, Inc.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) 
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation) HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [143360 2006-12-23] (Nero AG) HKCU\...\Run: [SecureBanking] C:\Program Files\Secure Banking\SecureBanking.exe [372736 2012-09-10] (Secure Banking) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f95.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: 
{7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-16] (SuperAdBlocker.com) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\wbpr6jl1.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\sweety\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sweety\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\sweety\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF 
HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 Chrome: ======= CHR Extension: (YouTube) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-22] (SUPERAntiSpyware.com) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. 
KG) S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-13] (Empolis GmbH) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft Office Groove Audit Service; D:\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia) R2 srvcPVR; C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe [1600512 2007-05-04] (Buhl Data Service GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG) S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. ) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-07-26] () R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] () R3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [16024 2006-11-22] (InterVideo, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] () S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-04-27] (MCCI Corporation) S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-04-27] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 mailKmd; No ImagePath S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-06 07:32 - 2013-07-06 07:32 - 01373373 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-07-06 06:59 - 2013-07-06 06:59 - 00890988 ____A C:\Users\sweety\Desktop\SecurityCheck.exe 2013-06-30 17:34 - 2013-06-30 17:34 - 00000000 ____D C:\Program Files\ESET 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial 2013-06-29 10:48 - 2013-06-29 10:48 - 00001384 ____A C:\Users\sweety\Desktop\JRT.txt 2013-06-29 10:45 - 2013-06-29 10:45 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\sweety\Desktop\JRT.exe 2013-06-29 10:45 - 2013-06-29 10:45 - 00000000 ____D C:\JRT 2013-06-29 10:21 - 2013-06-29 10:22 - 00001313 ____A C:\AdwCleaner[S2].txt 2013-06-28 20:35 - 2013-06-28 20:40 - 00026763 ____A C:\Users\sweety\Desktop\Addition.txt 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 ____D C:\FRST 2013-06-22 07:27 - 2013-06-22 08:10 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:27 - 2013-06-22 07:30 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:25 - 2013-06-22 07:27 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-13 21:04 - 2013-06-13 21:05 - 00001673 ____A C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:00 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 20:00 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 20:00 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 20:00 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 20:00 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 20:00 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-12 20:00 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 20:00 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) 
C:\Windows\System32\ieUnatt.exe 2013-06-12 20:00 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-12 20:00 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 20:00 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 20:00 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 20:00 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 21:22 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 21:22 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 21:21 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 21:21 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-11 21:21 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-11 21:21 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 21:21 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll 2013-06-11 21:20 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll ==================== One Month Modified Files and Folders ======== 2013-07-06 07:32 - 2013-07-06 
07:32 - 01373373 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe 2013-07-06 07:19 - 2011-08-07 19:33 - 02023718 ____A C:\Windows\WindowsUpdate.log 2013-07-06 06:59 - 2013-07-06 06:59 - 00890988 ____A C:\Users\sweety\Desktop\SecurityCheck.exe 2013-07-06 06:50 - 2013-05-09 07:31 - 00000330 ____A C:\Windows\Tasks\dsmonitor.job 2013-07-06 06:48 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-06 06:48 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-06 06:48 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 06:38 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-01 05:47 - 2012-04-09 19:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-30 17:34 - 2013-06-30 17:34 - 00000000 ____D C:\Program Files\ESET 2013-06-29 10:58 - 2013-06-29 10:58 - 01372101 ____A (Farbar) C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial 2013-06-29 10:48 - 2013-06-29 10:48 - 00001384 ____A C:\Users\sweety\Desktop\JRT.txt 2013-06-29 10:45 - 2013-06-29 10:45 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\sweety\Desktop\JRT.exe 2013-06-29 10:45 - 2013-06-29 10:45 - 00000000 ____D C:\JRT 2013-06-29 10:45 - 2013-05-12 15:53 - 00000000 ____D C:\Windows\ERUNT 2013-06-29 10:22 - 2013-06-29 10:21 - 00001313 ____A C:\AdwCleaner[S2].txt 2013-06-28 20:40 - 2013-06-28 20:35 - 00026763 ____A C:\Users\sweety\Desktop\Addition.txt 2013-06-28 20:32 - 2013-06-28 20:32 - 00000000 ____D C:\FRST 2013-06-22 08:10 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Local\SecondLife 2013-06-22 07:30 - 2013-06-22 07:27 - 00000000 ____D C:\Users\sweety\AppData\Roaming\SecondLife 2013-06-22 07:27 - 2013-06-22 07:27 - 00000929 ____A C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-06-22 07:27 - 2013-06-22 07:25 - 00000000 ____D C:\Program Files\SecondLifeViewer 2013-06-22 07:04 - 2013-06-22 07:04 - 00000000 ____D C:\ProgramData\Uniblue 2013-06-14 19:05 - 2013-05-20 09:37 - 00000000 ____D C:\Users\sweety\AppData\Roaming\vlc 2013-06-13 21:05 - 2013-06-13 21:04 - 00001673 ____A C:\AdwCleaner[S1].txt 2013-06-13 21:04 - 2013-06-13 21:04 - 00001611 ____A C:\AdwCleaner[R1].txt 2013-06-12 20:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-06-12 20:24 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-12 20:05 - 2007-06-20 14:02 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-12 19:47 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-06-11 21:47 - 2012-04-09 19:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-11 21:47 - 2011-06-25 23:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-06 07:25 ==================== End Of Log ============================
The "Host" error message still appears - in browser games the memory usage is still relatively high |
06.07.2013, 09:05 | #8 |
/// the machine /// TB instructor | Computer very slow at startup Please update Java, Adobe and Firefox. Show me a screenshot of the error message.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.07.2013, 18:13 | #9 |
| Computer very slow at startup Screenshot uploaded |
08.07.2013, 18:31 | #10 |
/// the machine /// TB instructor | Computer very slow at startup Why is the window at the top left of the screenshot in Chinese? Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
__________________ Regards, schrauber |
09.07.2013, 05:40 | #11 |
| Computer very slow at startup OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.07.2013 21:38:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sweety\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,13% Memory free 4,21 Gb Paging File | 1,81 Gb Available in Paging File | 43,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,63 Gb Total Space | 1,22 Gb Free Space | 2,01% Space Free | Partition Type: NTFS Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,91% Space Free | Partition Type: NTFS Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS Drive G: | 298,02 Gb Total Space | 79,82 Gb Free Space | 26,78% Space Free | Partition Type: FAT32 Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = comfile] -- Reg Error: Key error. File not found .exe [@ = exefile] -- Reg Error: Key error. 
File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .pif [@ = piffile] -- Reg Error: Key error. File not found .vbs [@ = VBSFile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) 
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system | "{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C6B8240D-F89D-46B0-9D9D-DE8536DA8BFE}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BF5CD14-5181-4A4E-8E15-1BBA5CBD9B5F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{22C1BE2D-396A-420F-AA7C-E27722218501}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3CA601D8-3C21-45BE-804B-FC62A5D8028D}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe | "{7A538BF3-4397-4AD2-805C-B796C9AB03A1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{866307CB-FD4E-48AD-964D-1F2A05BCD207}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{867BF6F4-3A54-4197-888E-182F2076FFBC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{AF2B32D8-1B76-438F-97DE-4C8A94230619}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AF760623-A9E3-4D0F-AC87-7118320EFA08}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{CFF6D2C4-CADF-425B-A086-9CED5169131D}" = protocol=17 | dir=in | 
app=d:\microsoft office\office12\onenote.exe | "{D2F4D050-7FFD-4852-8995-CF49CB35F9E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F1932307-EF6D-4C51-8C4F-B5FF85D1EAAD}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe | "{F79210B1-08C0-4640-89D7-2EDE132A9B94}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe | "TCP Query User{047F9EC0-7FBD-41DD-B6C3-EA2679086702}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{07A780C9-D91F-4310-BB6A-889D71CC1878}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{6E0C693F-76D2-4A00-AFC4-F3386D103351}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe | "TCP Query User{D38CF0CC-A153-4D6E-8C77-911043FFFA69}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{ECFFEFCB-C4A7-4A53-A998-775DD40DA5A6}C:\program files\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe | "TCP Query User{FAABFAA0-B938-4350-9AA4-4C63AAFF934A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{24CE6550-B49F-4BFE-A95B-9DA00C2995E7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{31E54061-DB22-4FD1-AA20-C6C319CC8FE1}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{47268DE1-7368-4E0C-8910-4F1D1789C40E}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query 
User{5876BCDC-643A-4AD6-BDC0-0A66C4FC6B33}C:\program files\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\utherverse digital inc\utherverse vww client\utherverse.exe | "UDP Query User{6D4B2C7E-8966-46D5-A480-E5495C4120BC}C:\program files\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer\slvoice.exe | "UDP Query User{E867CB07-ACA5-4FB7-927B-D6E4202C1CF7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100 "{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe" "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B63B2922B174135AFC0E1377DD81EC2}" = "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader "{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language 
Pack "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "BSW" = BrettspielWelt "ClearProg" = ClearProg 1.5.0 Final "Debut" = Debut Video Capture Software "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "HDMI" = Intel(R) Graphics Media Accelerator Driver "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Prism" = Prism Video File Converter "RealPlayer 16.0" = RealPlayer "Red Light Center 3D Client" = Red Light Center 3D Client "SecondLifeViewer" = SecondLifeViewer (remove only) "Secunia PSI" = Secunia PSI (2.0.0.3001) "Sex Sim1.5" = Ripened Peach Sex Sim "ShotOnline" = ShotOnline "SMSERIAL" = Motorola SM56 Data Fax Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "Utherverse VWW Client" = Utherverse VWW Client "VideoPad" = VideoPad Video 
Editor
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.06.2013 11:08:40 | Computer Name = notebook | Source = MsiInstaller | ID = 11706
Description =
Error - 30.06.2013 11:08:54 | Computer Name = notebook | Source = MsiInstaller | ID = 1023
Description =
Error - 30.06.2013 21:02:08 | Computer Name = notebook | Source = MsiInstaller | ID = 11706
Description =
Error - 30.06.2013 21:02:16 | Computer Name = notebook | Source = MsiInstaller | ID = 1023
Description =
Error - 06.07.2013 01:01:46 | Computer Name = notebook | Source = MsiInstaller | ID = 11706
Description =
Error - 06.07.2013 01:01:54 | Computer Name = notebook | Source = MsiInstaller | ID = 1023
Description =
Error - 08.07.2013 12:13:13 | Computer Name = notebook | Source = MsiInstaller | ID = 11706
Description =
Error - 08.07.2013 12:13:27 | Computer Name = notebook | Source = MsiInstaller | ID = 1023
Description =
Error - 08.07.2013 13:36:36 | Computer Name = notebook | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16490 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 18c4 Anfangszeit: 01ce7bfe587dae01 Zeitpunkt der Beendigung: 209

[ System Events ]
Error - 06.07.2013 01:07:23 | Computer Name = notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 06.07.2013 01:19:55 | Computer Name = notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 06.07.2013 02:02:53 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 06.07.2013 11:17:17 | Computer Name = notebook | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 06.07.2013 11:18:51 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 06.07.2013 11:26:42 | Computer Name = notebook | Source = Service Control Manager | ID = 7009
Description =
Error - 06.07.2013 11:26:42 | Computer Name = notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 06.07.2013 11:26:42 | Computer Name = notebook | Source = DCOM | ID = 10005
Description =
Error - 08.07.2013 12:05:33 | Computer Name = notebook | Source = Service Control Manager | ID = 7026
Description =
Error - 08.07.2013 12:22:30 | Computer Name = notebook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

[ TuneUp Events ]
Error - 21.08.2010 17:26:03 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 21.08.2010 17:26:08 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:04 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 03.10.2010 03:31:10 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 20.10.2010 14:57:51 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 26.10.2010 13:11:01 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:41 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:28:47 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 05.11.2010 13:31:37 | Computer Name = notebook | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 08.07.2013 21:38:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sweety\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,13% Memory free
4,21 Gb Paging File | 1,81 Gb Available in Paging File | 43,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,63 Gb Total Space | 1,22 Gb Free Space | 2,01% Space Free | Partition Type: NTFS
Drive D: | 29,18 Gb Total Space | 26,53 Gb Free Space | 90,91% Space Free | Partition Type: NTFS
Drive E: | 29,19 Gb Total Space | 1,04 Gb Free Space | 3,55% Space Free | Partition Type: NTFS
Drive G: | 298,02 Gb Total Space | 79,82 Gb Free Space | 26,78% Space Free | Partition Type: FAT32
Drive R: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32

Computer Name: NOTEBOOK | User Name: sweety | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\sweety\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Ltd) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Programme\Secure Banking\sbservice.exe () PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) 
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Launch Manager\LaunchAp.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Secure Banking\sbservice.exe () MOD - C:\Programme\Secure Banking\SecureBanking.dll () MOD - C:\Programme\Secure Banking\funcs.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll () MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll () MOD - C:\Programme\Launch Manager\WButton.exe () MOD - C:\Programme\Launch Manager\LaunchAp.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- 
C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (Microsoft Office Groove Audit Service) -- D:\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) 
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (mailKmd) -- File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.f95.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD 
Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\sweety\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sweety\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.05.09 07:58:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.17 20:44:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.06 07:46:11 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.06 07:46:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.06 07:46:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.06 07:46:15 | 000,000,000 | ---D | M] [2010.01.19 20:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Extensions [2013.04.12 18:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions [2010.04.27 21:13:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\20qd0ckc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.05.19 08:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions [2013.05.19 08:16:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\sweety\AppData\Roaming\mozilla\Firefox\Profiles\wbpr6jl1.default-1340989836190\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.03.02 10:59:23 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\sweety\AppData\Roaming\mozilla\firefox\profiles\wbpr6jl1.default-1340989836190\extensions\firefox@mega.co.nz.xpi [2013.07.06 07:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.06 07:46:42 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.09 07:55:26 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.11.16 19:35:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SecureBanking] C:\Programme\Secure Banking\SecureBanking.exe (Secure Banking)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivX Plus Web Player Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8590110B-763D-4E08-9C0B-016D5E8DC03F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.08 21:18:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe
[2013.07.06 07:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.07.06 07:32:18 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\sweety\Desktop\FRST.exe
[2013.06.30 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.29 10:58:03 | 001,372,101 | ---- | C] (Farbar) -- C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial
[2013.06.29 10:45:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.29 10:45:01 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\sweety\Desktop\JRT.exe
[2013.06.28 20:32:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.22 07:27:57 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Roaming\SecondLife
[2013.06.22 07:27:51 | 000,000,000 | ---D | C] -- C:\Users\sweety\AppData\Local\SecondLife
[2013.06.22 07:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013.06.22 07:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLifeViewer
[2013.06.22 07:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.06.12 20:00:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.12 20:00:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.12 20:00:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.12 20:00:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.12 20:00:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.12 20:00:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.12 20:00:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.12 20:00:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.11 21:22:02 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.11 21:22:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.11 21:21:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.11 21:21:04 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.11 21:21:03 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.11 21:20:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
========== Files - Modified Within 30 Days ==========
[2013.07.08 21:47:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.08 21:19:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sweety\Desktop\OTL.exe
[2013.07.08 20:04:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 20:04:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 19:11:12 | 000,020,015 | ---- | M] () -- C:\Users\sweety\Desktop\Unbenannt.jpg
[2013.07.08 18:07:04 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013.07.08 18:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.06 07:32:19 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\sweety\Desktop\FRST.exe
[2013.07.06 06:59:14 | 000,890,988 | ---- | M] () -- C:\Users\sweety\Desktop\SecurityCheck.exe
[2013.06.29 10:58:03 | 001,372,101 | ---- | M] (Farbar) -- C:\Users\sweety\Desktop\FRST.exe.383f2ja.partial
[2013.06.29 10:45:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\sweety\Desktop\JRT.exe
[2013.06.22 07:27:36 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013.06.11 21:47:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 21:47:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.07.08 19:11:11 | 000,020,015 | ---- | C] () -- C:\Users\sweety\Desktop\Unbenannt.jpg
[2013.07.06 06:59:10 | 000,890,988 | ---- | C] () -- C:\Users\sweety\Desktop\SecurityCheck.exe
[2013.06.22 07:27:35 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2012.06.29 18:37:16 | 000,000,000 | ---- | C] () -- C:\Users\sweety\defogger_reenable
[2012.05.28 07:54:18 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.28 07:54:17 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.12.11 20:48:10 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\ASC001.bin
[2011.08.07 16:52:55 | 000,000,552 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d8caps.dat
[2011.08.07 16:41:49 | 000,001,356 | ---- | C] () -- C:\Users\sweety\AppData\Local\d3d9caps.dat
[2007.10.14 20:16:09 | 000,057,344 | ---- | C] () -- C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.16 17:26:32 | 000,000,000 | ---- | C] () -- C:\Users\sweety\AppData\Roaming\wklnhst.dat
[2007.09.06 21:28:44 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.06 15:44:14 | 000,000,094 | ---- | C] () -- C:\Users\sweety\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > |
09.07.2013, 07:26 | #12 |
/// the machine /// TB trainer | Computer very slow when booting
Fix with OTL
Code:
:Commands
[resethosts]
[emptytemp]
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
14.07.2013, 11:40 | #13 |
| Computer very slow when booting
Code:
All processes killed
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: sweety
->Temp folder emptied: 55591 bytes
->Temporary Internet Files folder emptied: 76704900 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56563206 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4978 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22487901 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07142013_120126
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\sweety\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKW8WMPZ\index_hoch1[1].htm not found!
File\Folder C:\Windows\temp\HFI8E9.tmp.html not found!
File\Folder C:\Windows\temp\JETA968.tmp not found!
C:\Windows\temp\JETCDB9.tmp moved successfully.
C:\Windows\temp\KB2840628_20130714_120557720-Microsoft .NET Framework 4 Client Profile-MSP0.txt moved successfully.
C:\Windows\temp\KB2840628_20130714_120557720.html moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
14.07.2013, 12:50 | #14 |
/// the machine /// TB trainer | Computer very slow when booting
Still having problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
14.07.2013, 17:10 | #15 |
| Computer very slow when booting
The error message still appears; otherwise it seems to be faster. |